800-53|SI-4(7)

Title

AUTOMATED RESPONSE TO SUSPICIOUS EVENTS

Description

The information system notifies [Assignment: organization-defined incident response personnel (identified by name and/or by role)] of detected suspicious events and takes [Assignment: organization-defined least-disruptive actions to terminate suspicious events].

Supplemental

Least-disruptive actions may include, for example, initiating requests for human responses.

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items