D.2.1 System monitoring

Control Details

Objective

Detect runtime product anomalies

Definition

Continuously monitor the running system to gather information for risk decisions, criticality analysis, vulnerability and threat analysis, incident response, policy non-compliance, and insider threat detection, including boundary protection, supply chain components, and supply chain information flow.

Assessment Questions

  1. How are running systems continuously monitored to gather information for risk decisions, criticality analysis, vulnerability and threat analysis, incident response, and insider threat detection, including boundary protection of supply chain components and supply chain information flow?
  2. What is the process when an intrusion or violation is detected? Is there a QoS target?

Reference sources

  1. EO 4e(vii)
  2. SSDF-AI PO.5.3
  3. 800-161 CA-7
  4. CNCF-SSC BP-SA: Deploy monitoring tools to detect malicious behavior
  5. CNCF-SSC D-A: Continuous vulnerability scanning