SI.L2-3.14.6—Monitor Communications for Attacks
Level 2
800-171: 3.14.6
Control Description
Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your security monitoring policy and program?
- What monitoring tools and technologies do you use?
- Who is responsible for security monitoring?
- How do you identify and respond to potential attacks?
- What is your process for investigating and triaging security events?
- How are monitoring alerts escalated?
Technical Implementation:
- What SIEM or security monitoring platform is deployed?
- What IDS/IPS technologies detect attacks?
- What network traffic analysis (NTA) tools monitor communications, and do they cover both inbound and outbound traffic at the system boundary?
- What EDR tools monitor endpoints for attacks?
- What threat intelligence feeds inform detection?
- What SOC tools support security monitoring?
- What behavioral analytics detect anomalies?
Evidence & Documentation:
- What security monitoring reports demonstrate that inbound and outbound communications traffic is being monitored?
- What SIEM, IDS/IPS, or network sensor configurations and alert logs can you provide?
- What security alert tracking shows alerts are reviewed, triaged, and acted upon?
- What incident detection logs tie detected events to your incident response process?
- What log retention and periodic review records show that monitoring coverage has been sustained over time?
- What network diagrams show where monitoring sensors are placed relative to system boundaries and external connections?