SI-4(17)—Integrated Situational Awareness
>Control Description
>Cross-Framework Mappings
>Supplemental Guidance
Correlating monitoring information from a more diverse set of information sources helps to achieve integrated situational awareness. Integrated situational awareness from a combination of physical, cyber, and supply chain monitoring activities enhances the capability of organizations to more quickly detect sophisticated attacks and investigate the methods and techniques employed to carry out such attacks. In contrast to SI-04(16), which correlates the various cyber monitoring information, integrated situational awareness is intended to correlate monitoring beyond the cyber domain.
Correlation of monitoring information from multiple activities may help reveal attacks on organizations that are operating across multiple attack vectors.
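One way the physical-to-cyber correlation described above could be implemented, as an added example that is not part of the control text: it flags console logins by users whose badge records do not place them in the facility at that time. The event fields, user names, host names and the facility ID `DC-1` are constructed assumptions, and supply chain feeds are left out to keep the example to one case.

```python
from datetime import datetime

# Constructed sample data (assumed formats, not from any real system).
BADGE_EVENTS = [  # physical monitoring: (time, user, facility, direction)
    ("2024-03-04T08:02:00", "alice", "DC-1", "in"),
    ("2024-03-04T12:10:00", "alice", "DC-1", "out"),
    ("2024-03-04T09:15:00", "bob", "DC-1", "in"),
]
AUTH_EVENTS = [  # cyber monitoring: (time, user, host, facility of host, kind)
    ("2024-03-04T08:30:00", "alice", "srv-01", "DC-1", "console"),
    ("2024-03-04T13:05:00", "alice", "srv-01", "DC-1", "console"),
    ("2024-03-04T10:00:00", "carol", "srv-02", "DC-1", "console"),
    ("2024-03-04T10:20:00", "bob", "srv-02", "DC-1", "ssh"),
]

def _ts(value):
    return datetime.fromisoformat(value)

def presence_intervals(badge_events):
    """Build {(user, facility): [[enter, leave_or_None], ...]} from badge swipes."""
    intervals = {}
    for t, user, fac, direction in sorted(badge_events):
        spans = intervals.setdefault((user, fac), [])
        if direction == "in":
            spans.append([_ts(t), None])      # open interval until a badge-out
        elif spans and spans[-1][1] is None:
            spans[-1][1] = _ts(t)             # close the most recent interval
    return intervals

def was_present(intervals, user, fac, when):
    return any(start <= when and (end is None or when <= end)
               for start, end in intervals.get((user, fac), []))

def correlate(badge_events, auth_events):
    """Return console logins that have no matching physical presence."""
    intervals = presence_intervals(badge_events)
    findings = []
    for t, user, host, fac, kind in auth_events:
        if kind != "console":
            continue  # remote sessions do not imply physical presence
        if not was_present(intervals, user, fac, _ts(t)):
            findings.append((t, user, host, fac))
    return findings

if __name__ == "__main__":
    for finding in correlate(BADGE_EVENTS, AUTH_EVENTS):
        print("console login without badge presence:", finding)
```

Neither source flags these events on its own; the finding only appears once the badge and authentication records are joined on user, facility and time.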
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies and procedures govern integrated situational awareness?
- Who is responsible for monitoring system and information integrity?
- How frequently are integrity monitoring processes reviewed and updated?
Technical Implementation:
- What technical controls detect and respond to integrated situational awareness issues?
- How are integrity violations identified and reported?
- What automated tools support system and information integrity monitoring?
- What systems and events are monitored for integrity violations?
Evidence & Documentation:
- Can you provide recent integrity monitoring reports or alerts?
- What logs demonstrate that SI-4(17) is actively implemented?
- Where is evidence of integrity monitoring maintained and for how long?
- Can you provide examples of integrity monitoring alerts and responses?