Created
September 6, 2022 22:50
-
-
Save opexxx/7ca9c6acb8d88031a59626c1b65b3b08 to your computer and use it in GitHub Desktop.
Detect: Functional Area summary
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Anomalies and Events | |
| DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed | |
| DE.AE-2: Detected events are analyzed to understand attack targets and methods | |
| DE.AE-3: Event data are collected and correlated from multiple sources and sensors | |
| DE.AE-4: Impact of events is determined | |
| DE.AE-5: Incident alert thresholds are established | |
| Continous Monitoring | |
| DE.CM-1: The network is monitored to detect potential cybersecurity events | |
| DE.CM-2: The physical environment is monitored to detect potential cybersecurity events | |
| DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events | |
| DE.CM-4: Malicious code is detected | |
| DE.CM-5: Unauthorized mobile code is detected | |
| DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events | |
| DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed | |
| DE.CM-8: Vulnerability scans are performed | |
| Detection Process | |
| DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability | |
| DE.DP-2: Detection activities comply with all applicable requirements | |
| DE.DP-3: Detection processes are tested | |
| DE.DP-4: Event detection information is communicated to appropriate parties | |
| DE.DP-5: Detection processes are continuously improved |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment