• Requirement

    (a) Notify [Assignment: organization-defined incident response personnel (identified by name and/or by role)] of detected suspicious events; and
    (b) Take the following actions upon detection: [Assignment: organization-defined least-disruptive actions to terminate suspicious events].

  • Discussion

    Least-disruptive actions include initiating requests for human responses.

More Info

  • Title

    System Monitoring | Automated Response to Suspicious Events
  • Family

    System and Information Integrity
  • Related NIST 800-53 ID

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!