Does your organization implement continuous monitoring to detect unauthorized personnel, connections, devices, and software?
Explanation
Continuous monitoring involves real-time or near real-time surveillance of your environment to identify security anomalies such as unauthorized access attempts, unknown devices connecting to your network, or unapproved software installations.
This includes tools like intrusion detection systems (IDS), security information and event management (SIEM) solutions, network monitoring tools, and access control logs that alert security personnel to potential threats.
Evidence of fulfillment could include screenshots of monitoring dashboards, alert configuration settings, monitoring system logs, documented procedures for responding to detected anomalies, and reports showing detected and remediated incidents over a recent time period.
Context
- Function
- DE: DETECT
- Category
- DE.CM: Continuous Monitoring
- Sub-Category
- Monitoring for unauthorized personnel, connections, devices, and software is performed
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?

