This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization employs automated mechanisms to assist in the tracking of security incidents and in the collection and analysis of incident information.
NIST 800-53 (r4) Supplemental Guidance:
Automated mechanisms for tracking security incidents and collecting/analyzing incident information include, for example, the Einstein network monitoring device and monitoring online Computer Incident Response Centers (CIRCs) or other electronic databases of incidents. Related controls: AU-7, IR-4.
References: NIST Special Publication 800-61.
NIST 800-53 (r5) Discussion:
Automated mechanisms for tracking incidents and collecting and analyzing incident information include Computer Incident Response Centers or other electronic databases of incidents and network monitoring devices.
38North Guidance:
Meets Minimum Requirement:
The organization has implemented an automated tool (e.g. a SIEM) that ingests the data needed to analyze information related to an incident.
There are procedures in place to ensure that relevant information is collected in the system when an incident is identified.
The automated tool is used for all security incidents, and the incident data is analyzed either by the tool itself or manually by an individual reviewing the data within the tool.
Workflow automation is implemented within the tool for handling and tracking security incidents.
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Evidence of the automated mechanisms employed, such as incident tickets, security incident monitoring alerts, system configuration, etc.
Sample of incidents from the tool that have been tracked from detection through closure.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD