SI-2(7) Root Cause Analysis

>Control Description

a. Conduct root cause analysis to identify the underlying causes of issues or failures;

b. Develop actions to address the root cause of the issue or failure;

c. Implement the actions and monitor the implementation for effectiveness.

>Supplemental Guidance

Root cause analysis includes a wide range of approaches, tools, and techniques to systematically identify the underlying causes of issues or failures in systems and system components (i.e., hardware, software, and firmware). Organizations consider the severity of the incident to determine which root cause analysis method should be used and how quickly to implement remediation actions. The root cause analysis includes a timeline, missed warning signs, key decisions, gaps, mitigations, and verification of effectiveness.

The actions identified to address the source of the issue are implemented and integrated into applicable organizational policies, procedures, and control implementations. 

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern root cause analysis?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect issues or failures that require root cause analysis, and how do they support the response?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What systems and events are monitored for integrity violations?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-2(7) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you provide examples of integrity monitoring alerts and responses?
