SI-04.7: Automated Response to Suspicious Events

SI-04.7 · Automated Response to Suspicious Events

Control Description

Notify {{ insert: param, si-04.07_odp.01 }} of detected suspicious events; and Take the following actions upon detection: {{ insert: param, si-04.07_odp.02 }}.

Impact Baselines

Security baselines where this control applies

Not in any baseline

Control Properties

SP800-53-enhancement

system

Assurance

Enhancement

Control Statement

The control requirements

(a) Notify {{ insert: param, si-04.07_odp.01 }} of detected suspicious events; and

(b) Take the following actions upon detection: {{ insert: param, si-04.07_odp.02 }}.

Supplemental Guidance

Least-disruptive actions include initiating requests for human responses.