Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization employs automated mechanisms to make security alert and advisory information available throughout the organization.
NIST 800-53 (r4) Supplemental Guidance:
The significant number of changes to organizational information systems and the environments in which those systems operate requires the dissemination of security-related information to a variety of organizational entities that have a direct interest in the success of organizational missions and business functions. Based on the information provided by the security alerts and advisories, changes may be required at one or more of the three tiers related to the management of information security risk including the governance level, mission/business process/enterprise architecture level, and the information system level.
NIST 800-53 (r5) Discussion:
The significant number of changes to organizational systems and environments of operation requires the dissemination of security-related information to a variety of organizational entities that have a direct interest in the success of organizational mission and business functions. Based on information provided by security alerts and advisories, changes may be required at one or more of the three levels related to the management of risk, including the governance level, mission and business process level, and the information system level.
38North Guidance:
Meets Minimum Requirement:
Deploy automated mechanisms (e.g. ticketing system) to make security alerts and advisory information available throughout the organization.
Best Practice: None
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Configurations of automated mechanisms (e.g. ticketing system) to make security alert and advisory information available throughout the organization.
CSP Implementation Tips: None
Page updated
Report abuse