SI-4(13)—Analyze Traffic And Event Patterns
>Control Description
a
Analyze communications traffic and event patterns for the system;
b
Develop profiles representing common traffic and event patterns; and
c
Use the traffic and event profiles in tuning system-monitoring devices.
>Cross-Framework Mappings
>Supplemental Guidance
Identifying and understanding common communications traffic and event patterns help organizations provide useful information to system monitoring devices to more effectively identify suspicious or anomalous traffic and events when they occur. Such information can help reduce the number of false positives and false negatives during system monitoring.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern analyze traffic and event patterns?
- •Who is responsible for monitoring system and information integrity?
- •How frequently are integrity monitoring processes reviewed and updated?
Technical Implementation:
- •What technical controls detect and respond to analyze traffic and event patterns issues?
- •How are integrity violations identified and reported?
- •What automated tools support system and information integrity monitoring?
- •What systems and events are monitored for integrity violations?
Evidence & Documentation:
- •Can you provide recent integrity monitoring reports or alerts?
- •What logs demonstrate that SI-4(13) is actively implemented?
- •Where is evidence of integrity monitoring maintained and for how long?
- •Can you provide examples of integrity monitoring alerts and responses?
Ask AI
Configure your API key to use AI features.