INFORMATION SECURITY MONITORING - 5335

(Revised: 03/2021)
Policy:  Each state entity is responsible for continuous monitoring of its networks and other information assets for signs of attack, anomalies, and suspicious or inappropriate activities.
 
Each state entity shall ensure:
 
1. An event logging and monitoring strategy, which provides for audit trails and auditability of events and appropriate segregation and separation of duties;
2. Event logging and log monitoring are performed with sufficient regularity that signs of attack, anomalies, and suspicious or inappropriate activities are identified and acted upon in a timely manner;
3. Sensors, agents, and security monitoring software are placed at strategic locations throughout the network;
4. Situational awareness information from security monitoring and event correlation tools is monitored to identify events that require investigation and response;
5. Potential security events are reported immediately to the security incident response team;
6. Response to security event notifications from OIS and other third parties complies with the Security Event Notification and Response Protocols, SIMM 5335-A.
 
Implementation Controls: NIST SP 800-53: Audit and Accountability (AU); Physical and Environmental Protection (PE); Risk Assessment (RA); Supply Chain Risk Management (SR); SIMM 5335-A
