Does your organization maintain documented baselines of expected network communication patterns and data flows for both wired and wireless networks?
Explanation
Network baselines document normal communication patterns and data flows, enabling the detection of anomalies that could indicate security incidents. These baselines should include information about expected traffic volumes, protocols, source/destination pairs, and timing patterns for both wired and wireless networks.
Evidence could include network diagrams showing expected data flows, baseline documentation of normal network traffic patterns, outputs from network monitoring tools showing established baselines, or network traffic analysis reports that reference established baselines.
Implementation Example
Maintain baselines of communication and data flows within the organization's wired and wireless networks
ID: ID.AM-03.125
Context
- Function
  - ID: IDENTIFY
- Category
  - ID.AM: Asset Management
- Sub-Category
  - Representations of the organization's authorized network communication and internal and external network data flows are maintained
Related questions
- Does your organization maintain comprehensive inventories of all hardware assets, including IT equipment, IoT devices, operational technology (OT), and mobile devices?
- Does your organization implement automated network monitoring to detect new hardware and update inventory records in real time?
- Does your organization maintain a comprehensive inventory of all software and services, including commercial, open-source, custom, API, and cloud-based applications?
- Does your organization implement continuous monitoring for software and service inventory changes across all platforms, including containers and virtual machines?
- Does your organization maintain a comprehensive inventory of all systems within your environment?
- Does your organization document and maintain baselines of expected communication patterns and data flows with third parties?

