← Back to catalog
SI-7(7)

Integration of Detection and Response

System and Information Integrity (SI)
Baselines
Low · Not includedModerate · IncludedHigh · Included
Description

Incorporate the detection of the following unauthorized changes into the organizational incident response capability: [assignment].

Discussion

Integrating detection and response helps to ensure that detected events are tracked, monitored, corrected, and available for historical purposes. Maintaining historical records is important for being able to identify and discern adversary actions over an extended time period and for possible legal actions. Security-relevant changes include unauthorized changes to established configuration settings or the unauthorized elevation of system privileges.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.