• Requirement

    1. Notify [Assignment: organization-defined incident response personnel (identified by name and/or by role)] of detected suspicious events; and
    2. Take the following actions upon detection: [Assignment: organization-defined least-disruptive actions to terminate suspicious events].
  • Discussion

    Least-disruptive actions include initiating requests for human responses.

More Info

  • Title

    System Monitoring | Automated Response to Suspicious Events
  • Family

    System and Information Integrity
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!