800-53|SI-4(2)

Title

AUTOMATED TOOLS FOR REAL-TIME ANALYSIS

Description

The organization employs automated tools to support near real-time analysis of events.

Supplemental

Automated tools include, for example, host-based, network-based, transport-based, or storage-based event monitoring tools or Security Information and Event Management (SIEM) technologies that provide real time analysis of alerts and/or notifications generated by organizational information systems.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 13.0 Ventura v2.0.0 L1
2.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 14.0 Sonoma v1.0.0 L1
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS 16 L1 v2.0.0
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS 17 L1 v2.0.0
2.5.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 12.0 Monterey v3.0.0 L1
2.5.2.2 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 10.14 v2.0.0 L1
6.10 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categories	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.10 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categories	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.11 Ensure that access to every URL is logged	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.11 Ensure that access to every URL is logged	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data Object	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data Object	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0

Detections

Analytics