800-53|SI-4(2)

Title

AUTOMATED TOOLS FOR REAL-TIME ANALYSIS

Description

The organization employs automated tools to support near real-time analysis of events.

Supplemental

Automated tools include, for example, host-based, network-based, transport-based, or storage-based event monitoring tools or Security Information and Event Management (SIEM) technologies that provide real time analysis of alerts and/or notifications generated by organizational information systems.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION SYSTEM MONITORING

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.6.3 Configure Netflow on Strategic Ports	Cisco	CIS Cisco NX-OS L2 v1.1.0
2.1.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 13.0 Ventura Cloud-tailored v1.0.0 L1
2.1.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1
2.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 14.0 Sonoma v1.1.0 L1
2.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 13.0 Ventura v2.1.0 L1
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L1
2.2.4 Set IP address for 'logging host'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L1
2.4.1.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 12.0 Monterey v3.1.0 L1
2.5.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 10.15 Catalina v3.0.0 L1
2.5.2.1 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 11.0 Big Sur v4.0.0 L1
2.5.2.2 Ensure Firewall Is Enabled	Unix	CIS Apple macOS 10.14 v2.0.0 L1
3.3.2 Configure Storm Control	Cisco	CIS Cisco NX-OS L2 v1.1.0
6.10 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categories	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.10 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categories	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.11 Ensure that access to every URL is logged	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.11 Ensure that access to every URL is logged	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data Object	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data Object	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0

Detections

Analytics