
SI-4(4) System Monitoring | Inbound and Outbound Communications Traffic

IL4 Mod
IL4 High
IL5
IL6

>Control Description

(a) Determine criteria for unusual or unauthorized activities or conditions for inbound and outbound communications traffic;
(b) Monitor inbound and outbound communications traffic [Assignment: organization-defined frequency] for [Assignment: organization-defined unusual or unauthorized activities or conditions].

>DoD Impact Level Requirements

FedRAMP Parameter Values

SI-4 (4) (b)-1 [continuously]

>Discussion

Unusual or unauthorized activities or conditions related to system inbound and outbound communications traffic include internal traffic that indicates the presence of malicious code or unauthorized use of legitimate code or credentials within organizational systems or propagating among system components, signaling to external systems, and the unauthorized exporting of information. Evidence of malicious code or unauthorized use of legitimate code or credentials is used to identify potentially compromised systems or system components.

>Programmatic Queries (Beta)

Related Services

VPC Flow Logs
AWS CloudTrail
Amazon Detective

CLI Commands

Create a VPC Flow Log that captures all accepted and rejected traffic and delivers it to CloudWatch Logs (delivery to CloudWatch Logs requires an IAM role that can write to the log group; the role ARN below is a placeholder)
aws ec2 create-flow-logs --resource-type VPC --resource-ids vpc-0123456789abcdef0 --traffic-type ALL --log-destination-type cloud-watch-logs --log-group-name /aws/vpc/flowlogs --deliver-logs-permission-arn arn:aws:iam::123456789012:role/<flow-logs-delivery-role>
Query VPC Flow Logs for flows to destination port 443 (field list matches the default 14-field record format)
aws logs filter-log-events --log-group-name /aws/vpc/flowlogs --filter-pattern '[version, account, interface_id, srcaddr, dstaddr, srcport, dstport="443", protocol, packets, bytes, windowstart, windowend, action, flowlogstatus]'
List CloudTrail API events that reference a security group, such as rule changes (CloudTrail records management API calls, not traffic volume)
aws cloudtrail lookup-events --lookup-attributes AttributeKey=ResourceName,AttributeValue=sg-0123456789abcdef0 --max-results 50
List Amazon Detective investigations for the behavior graph
aws detective list-investigations --graph-arn arn:aws:detective:us-east-1:123456789012:graph:00000000000000000000000000000000
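The CLI commands above collect the records; the control itself (part (a)) asks the organization to define what counts as unusual inbound, outbound or internal traffic, and the Discussion names the three cases to look for: internal propagation, signaling to external systems, and unauthorized export of data. The following Python script is an added example, not code from the original page or from AWS, that applies such criteria to default-format VPC Flow Log records. The internal address range, the allowed egress ports, the byte threshold, the admin-port list and the sample records are all constructed for illustration; an organization would substitute its own VPC CIDRs and thresholds.

```python
"""Flag unusual inbound, outbound and internal flows in VPC Flow Log records.

Added example, not part of the original page or of any AWS tooling. It assumes
the default VPC Flow Log record format (14 space-separated fields):
  version account-id interface-id srcaddr dstaddr srcport dstport protocol
  packets bytes start end action log-status
All criteria values and sample records below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Organization-defined criteria (constructed values for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # the VPC address space
ALLOWED_EGRESS_PORTS = {80, 443}                        # expected outbound ports
LARGE_EGRESS_BYTES = 50_000_000                         # per-flow egress threshold
INTERNAL_ADMIN_PORTS = {22, 445, 3389}                  # internal propagation indicators

# Constructed sample records (fictional account, interfaces and addresses).
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.1.15 10.0.2.20 49152 443 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.1.15 203.0.113.9 49153 4444 6 500 90000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 198.51.100.7 10.0.1.15 55000 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0bbbbbbbbbbbbbbbb 10.0.3.4 10.0.1.15 40000 445 6 40 6000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbbbbbbbbbbbbbbb - - - - - - - 1700000000 1700000060 - NODATA
"""


class FlowRecord(NamedTuple):
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    nbytes: int
    action: str


class Finding(NamedTuple):
    rule: str
    record: FlowRecord


def parse_flow_logs(text: str) -> List[FlowRecord]:
    """Parse default-format records; skip NODATA/SKIPDATA rows, which carry no flow fields."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 14:
            raise ValueError(f"expected 14 fields, got {len(fields)}: {line!r}")
        if fields[13] != "OK":
            continue
        records.append(FlowRecord(
            interface_id=fields[2], srcaddr=fields[3], dstaddr=fields[4],
            srcport=int(fields[5]), dstport=int(fields[6]), protocol=int(fields[7]),
            packets=int(fields[8]), nbytes=int(fields[9]), action=fields[12]))
    return records


def is_internal(addr: str) -> bool:
    """Membership in the organization's own ranges (not a generic RFC 1918 heuristic)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def evaluate(records: List[FlowRecord]) -> List[Finding]:
    """Apply the criteria to each flow according to its direction."""
    findings = []
    for r in records:
        src_in, dst_in = is_internal(r.srcaddr), is_internal(r.dstaddr)
        if src_in and not dst_in and r.action == "ACCEPT":        # outbound, accepted
            if r.dstport not in ALLOWED_EGRESS_PORTS:
                findings.append(Finding("egress-unexpected-port", r))
            if r.nbytes >= LARGE_EGRESS_BYTES:
                findings.append(Finding("egress-large-transfer", r))
        elif not src_in and dst_in and r.action == "REJECT":      # inbound, blocked
            findings.append(Finding("inbound-rejected", r))
        elif src_in and dst_in and r.action == "ACCEPT":          # internal, accepted
            if r.dstport in INTERNAL_ADMIN_PORTS:
                findings.append(Finding("internal-admin-port", r))
    return findings


def egress_bytes_by_host(records: List[FlowRecord]) -> Dict[str, int]:
    """Total accepted bytes each internal host sent to external destinations."""
    totals: Dict[str, int] = defaultdict(int)
    for r in records:
        if is_internal(r.srcaddr) and not is_internal(r.dstaddr) and r.action == "ACCEPT":
            totals[r.srcaddr] += r.nbytes
    return dict(totals)


if __name__ == "__main__":
    recs = parse_flow_logs(SAMPLE_FLOW_LOGS)
    for f in evaluate(recs):
        r = f.record
        print(f"{f.rule:24} {r.srcaddr}:{r.srcport} -> {r.dstaddr}:{r.dstport} "
              f"{r.nbytes} bytes {r.action} ({r.interface_id})")
    print("egress bytes by host:", egress_bytes_by_host(recs))
```

Run against the constructed records, the script reports the 90 MB flow to port 4444 twice (unexpected port and large transfer), the rejected inbound SSH attempt, and the internal connection to port 445; the NODATA row is dropped before any numeric fields are parsed. The same evaluate() logic can be pointed at records pulled with the filter-log-events command above, and the per-host egress totals give a starting point for the "continuously" monitoring frequency the FedRAMP parameter requires.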

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern inbound and outbound communications traffic?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to inbound and outbound communications traffic issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What anti-malware solutions are deployed and how are they configured?
  • What systems and events are monitored for integrity violations?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-4(4) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you show recent malware detection reports and response actions?
  • Can you provide examples of integrity monitoring alerts and responses?
