This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization employs trend analyses to determine if security control implementations, the frequency of continuous monitoring activities, and/or the types of activities used in the continuous monitoring process need to be modified based on empirical data.
NIST 800-53 (r4) Supplemental Guidance:
Trend analyses can include, for example, examining recent threat information regarding the types of threat events that have occurred within the organization or across the federal government, success rates of certain types of cyber attacks, emerging vulnerabilities in information technologies, evolving social engineering techniques, results from multiple security control assessments, the effectiveness of configuration settings, and findings from Inspectors General or auditors.
NIST 800-53 (r5) Discussion:
Trend analyses include examining recent threat information that addresses the types of threat events that have occurred in the organization or the Federal Government, success rates of certain types of attacks, emerging vulnerabilities in technologies, evolving social engineering techniques, the effectiveness of configuration settings, results from multiple control assessments, and findings from Inspectors General or auditors.
38North Guidance:
Meets Minimum Requirement:
Perform trend analysis by gathering data from log correlation tools, performance metrics, and security control outputs to determine whether the organization's continuous monitoring program is robust enough to maintain a safe security posture.
Best Practice:
Trend Analysis Techniques:
Temporal trend analysis allows the organization to collect data over a specified period of time to determine the effectiveness of security controls.
Intuitive trend analysis allows the organization to analyze data based on behavioral patterns.
Reporting Trend Analysis Results:
Describe the data that was collected and analyzed.
Detail the criteria used to evaluate the data.
List all the results that seem to indicate trends.
Provide any recommendations as corrective actions.
Unofficial FedRAMP Guidance:
None.
Assessment Evidence:
Organizational performance metrics and the analysis performed on them, together with management decisions for results that require corrective actions or updates.
CSP Implementation Tips:
None.