SI-4(7)—Automated Response To Suspicious Events
>Control Description
a
Notify ⚙organization-defined incident response personnel (identified by name and/or by role) of detected suspicious events; and
b
Take the following actions upon detection: ⚙organization-defined least-disruptive actions to terminate suspicious events.
>Cross-Framework Mappings
>Supplemental Guidance
Least-disruptive actions include initiating requests for human responses.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern automated response to suspicious events?
- •Who is responsible for monitoring system and information integrity?
- •How frequently are integrity monitoring processes reviewed and updated?
Technical Implementation:
- •What technical controls detect and respond to automated response to suspicious events issues?
- •How are integrity violations identified and reported?
- •What automated tools support system and information integrity monitoring?
Evidence & Documentation:
- •Can you provide recent integrity monitoring reports or alerts?
- •What logs demonstrate that SI-4(7) is actively implemented?
- •Where is evidence of integrity monitoring maintained and for how long?
Ask AI
Configure your API key to use AI features.