Homexnetd.com
xnetd.com

3.14 SYSTEM AND INFORMATION INTEGRITY

3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks | NIST 800-171 control 3.14.6 mandates monitoring organizational systems and communication traffic to identify potential cyberattacks. This helps organizations proactively defend against threats, respond to incidents quicker, and improve overall security posture. Implementing this control involves using Security Information and Event Management (SIEM) tools, analyzing system logs, and employing Network Traffic Analysis (NTA) tools to detect suspicious activity. Fulfilling this control demonstrates an organization's accountability for its system security and compliance with relevant regulations.

3.14 SYSTEM AND INFORMATION INTEGRITY
Back to "3.14 SYSTEM AND INFORMATION INTEGRITY"
3.14 SYSTEM AND INFORMATION INTEGRITY
🖨️

3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks

By wnoble2005@gmail.com (William Noble) 📅 2024-03-03
NIST 800-171 control 3.14.6 mandates monitoring organizational systems and communication traffic to identify potential cyberattacks. This helps organizations proactively defend against threats, respond to incidents quicker, and improve overall security posture. Implementing this control involves using Security Information and Event Management (SIEM) tools, analyzing system logs, and employing Network Traffic Analysis (NTA) tools to detect suspicious activity. Fulfilling this control demonstrates an organization's accountability for its system security and compliance with relevant regulations.



System monitoring includes external and internal monitoring. External monitoring includes the observation of events occurring at the system boundary (i.e., part of perimeter defense and boundary protection). Internal monitoring includes the observation of events occurring within the system. Organizations can monitor systems, for example, by observing audit record activities in real time or by observing other system aspects such as access patterns, characteristics of access, and other actions. The monitoring objectives may guide determination of the events. System monitoring capability is achieved through a variety of tools and techniques (e.g., intrusion detection systems, intrusion prevention systems, malicious code protection software, scanning tools, audit record monitoring software, network monitoring software). Strategic locations for monitoring devices include selected perimeter locations and near server farms supporting critical applications, with such devices being employed at managed system interfaces. The granularity of monitoring information collected is based on organizational monitoring objectives and the capability of systems to support such objectives.System monitoring is an integral part of continuous monitoring and incident response programs. Output from system monitoring serves as input to continuous monitoring and incident response programs. A network connection is any connection with a device that communicates through a network (e.g., local area network, Internet). A remote connection is any connection with a device communicating through an external network (e.g., the Internet). Local, network, and remote connections can be either wired or wireless.Unusual or unauthorized activities or conditions related to inbound/outbound communications traffic include internal traffic that indicates the presence of malicious code in systems or propagating among system components, the unauthorized exporting of information, or signaling to external systems. Evidence of malicious code is used to identify potentially compromised systems or system components. System monitoring requirements, including the need for specific types of system monitoring, may be referenced in other requirements.[SP 800-94] provides guidance on intrusion detection and prevention systems.


Benefits:

Early Attack Detection: Proactive monitoring allows you to identify and stop attacks before they cause significant damage, protecting data and systems.

Reduced Risk of Breaches: Early detection enables quicker response and mitigation, minimizing the impact and potential for successful data breaches.

Improved Security Posture: Continuous monitoring helps identify vulnerabilities and suspicious activity, allowing you to address them and strengthen your overall security posture.

Enhanced Regulatory Compliance: Implementing this control can contribute to compliance with various data security regulations and industry standards.

Accountability:

Senior Management: Sets the security tone: Ensure resources, training, and policies are available to implement 3.14.6 effectively.
Reviews and approves monitoring plans: Ensures plans align with organizational needs and risks.
Provides oversight and resources: Allocates resources for monitoring tools, analysis, and personnel training.

IT Security Team: Develops and implements monitoring plans: Defines what to monitor, how, and at what frequency, complying with 3.14.6. Maintains and updates monitoring systems: Ensures systems collect and analyze data effectively. Analyzes logs and alerts: Identifies potential attacks and investigates anomalous traffic. Reports security incidents: Informs management and system owners of potential threats.

System Owners: Understands monitoring requirements: Agrees to and implements monitoring procedures for their systems. Collaborates with the security team: Provides necessary access and information for effective monitoring. Reviews security events and reports: Takes appropriate actions based on identified security incidents.

Individual Users: Uses systems responsibly: Avoids actions that could trigger false positives or compromise systems. Reports suspicious activity: Notifies the Security Team of potential security incidents identified through personal awareness.

Implementation:

Define Monitoring Scope: Identify critical systems, networks, and data to be monitored. This includes both inbound and outbound traffic.

Choose Monitoring Tools: Utilize tools like Security Information and Event Management (SIEM) systems, Intrusion Detection/Prevention Systems (IDS/IPS), and log monitoring tools.


Establish Alerting Rules: Configure alerts for anomalies like unusual traffic patterns, unauthorized access attempts, and suspicious file transfers.

Incident Response: Develop a plan to investigate and respond to security incidents identified through monitoring. This includes escalation procedures and containment measures.

Continuous Improvement: Regularly review logs, refine monitoring rules, and update tools to adapt to evolving threats and maintain effectiveness.

Go to docs.google.com

About "3.14.6 Monitor organizati...tacks" 🡃
Category:Cybersecurity Maturity Model
Family:System and Information Integrity (AC 3.14)
Type:Derived Security Requirements
#CybersecurityMaturityModel #DerivedSecurityRequirements
⬅ Back to 3.14 SYSTEM AND INFORMATION INTEGRITY

More on q4q.com

Q4Q Technical Solutions

© q4q.com 1999-2024