Benchmark: System Monitoring (SI-4)
Description
The organization:
a. Monitors the information system to detect:
  1. Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and
  2. Unauthorized local, network, and remote connections;
b. Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods];
c. Deploys monitoring devices:
  1. Strategically within the information system to collect organization-determined essential information; and
  2. At ad hoc locations within the system to track specific types of transactions of interest to the organization;
d. Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion;
e. Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information;
f. Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and
g. Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]].
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select System Monitoring (SI-4).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_5_si_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_53_rev_5_si_4 --share
Benchmarks
- SI-4(1) System-Wide Intrusion Detection System
- SI-4(2) Automated Tools For Real-Time Analysis
- SI-4(3) Automated Tools And Mechanism Integration
- SI-4(4) Inbound and Outbound Communications Traffic
- SI-4(10) Visibility Of Encrypted Communications
- SI-4(12) Automated Organization-Generated Alerts
- SI-4(13) Analyze Traffic And Event Patterns
- SI-4(14) Wireless Intrusion Detection
- SI-4(17) Integrated Situational Awareness
- SI-4(20) Privileged Users
- SI-4(23) Host-Based Devices
- SI-4(25) Optimize Network Traffic Analysis
- SI-4(a)
- SI-4(b)
- SI-4(c)
- SI-4(d)