This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization implements [Assignment: organization-defined additional monitoring] of individuals who have been identified by [Assignment: organization-defined sources] as posing an increased level of risk.
NIST 800-53 (r4) Supplemental Guidance:
Indications of increased risk from individuals can be obtained from a variety of sources including, for example, human resource records, intelligence agencies, law enforcement organizations, and/or other credible sources. The monitoring of individuals is closely coordinated with management, legal, security, and human resources officials within organizations conducting such monitoring and complies with federal legislation, Executive Orders, policies, directives, regulations, and standards.
NIST 800-53 (r5) Discussion:
Indications of increased risk from individuals can be obtained from different sources, including personnel records, intelligence agencies, law enforcement organizations, and other sources. The monitoring of individuals is coordinated with the management, legal, security, privacy, and human resource officials who conduct such monitoring. Monitoring is conducted in accordance with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.
38North Guidance:
Meets Minimum Requirement:
If an individual poses an increased level of risk, implement additional monitoring. Examples of additional monitoring include: tagging events that involve users and accounts in administrative roles as higher risk in the SIEM, antivirus results, and logging mechanisms; identifying failed admin login attempts; monitoring sudo use; capturing the full text of privileged commands; and collecting any other audit events or content deemed necessary.
Best Practice: None
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Configurations of solution(s) supporting and/or implementing monitoring and analysis of individuals posing greater risk.
CSP Implementation Tips: None