DE.CM-03—Personnel activity and technology usage are monitored to find potentially adverse events
>Control Description
This continuous monitoring subcategory ensures that personnel activity and technology usage are monitored to find potentially adverse events. Key activities include: Use behavior analytics software to detect anomalous user activity to mitigate insider threats; Monitor logs from logical access control systems to find unusual access patterns and failed access attempts; Continuously monitor deception technology, including user accounts, for any usage.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
LOG-01
LOG-03
LOG-05
LOG-08
TVM-10
CIS Controls v8.0
10.7
CIS Controls v8.1
10.7
CRI Profile v2.0
DE.CM-03
DE.CM-03.01
DE.CM-03.02
DE.CM-03.03
CSF v1.1
DE.CM-3
DE.CM-7
ISO/IEC 27001:2022
Mandatory Clause: 9.1
Annex A Controls: 7.4
Annex A Controls: 8.16
NICE Framework
DD-WRL-007
IO-WRL-006
OG-WRL-016
PD-WRL-001
PD-WRL-004
PD-WRL-005
PCI DSS
10.2.1
10.4.1
8.2.2
10.6.1
SCF
MON-01
MON-16
NET-18
SP 800-171 Rev 3
03.01.01
03.03.03
03.12.03
SP 800-53 Rev 5.1.1
AC-02
AU-12
AU-13
CA-07
CM-10
CM-11
SP 800-53 Rev 5.2.0
AC-02
AU-12
AU-13
CA-07
CM-10
CM-11
Ask AI
Configure your API key to use AI features.