Information System Monitoring

class

Operational

family

System and Information Integrity

number

SI-4

priority

P1

impact

MODERATE_HIGH

The organization: Monitors events on the information system in accordance with [ Assignment: organization-defined monitoring objectives ] and detects information system attacks; Identifies unauthorized use of the information system; Deploys monitoring devices: (i) strategically within the information system to collect organization-determined essential information; and (ii) at ad hoc locations within the system to track specific types of transactions of interest to the organization; Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; and Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations.

Comments