Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
Explanation
Continuous trust verification underpins this question, which asks whether you monitor network communications in real time to detect shifts in security posture as part of a zero trust architecture.
In a zero trust model, continuous verification is essential because security postures can change rapidly when devices become compromised, configurations drift, or unauthorized access attempts occur.
An acceptable evidence deliverable would include documentation of your network monitoring solution configuration, screenshots of dashboards showing security posture monitoring, logs demonstrating detection of posture changes, and procedures for responding to identified security posture changes.
This could also include reports from tools like Network Access Control (NAC) systems, Endpoint Detection and Response (EDR) solutions, or Security Information and Event Management (SIEM) platforms that specifically monitor for security posture changes.
Implementation Example
Monitor network communications to identify changes in security postures for zero trust purposes
ID: DE.CM-01.275
Context
- Function
  - DE: DETECT
- Category
  - DE.CM: Continuous Monitoring
- Sub-Category
  - Networks and network services are monitored to find potentially adverse events
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?
- Does your organization regularly review and monitor physical access records to track visitor and personnel entry to facilities?

