compliance controls are associated with this Policy definition 'Report atypical behavior of user accounts' (e4054c0e-1184-09e6-4c5e-701e0bc90f81)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | AC-2(12) | FedRAMP_High_R4_AC-2(12) | FedRAMP High AC-2 (12) | Access Control | Account Monitoring / Atypical Usage | Shared | n/a | The organization: (a) Monitors information system accounts for [Assignment: organization-defined atypical use]; and (b) Reports atypical usage of information system accounts to [Assignment: organization-defined personnel or roles]. Supplemental Guidance: Atypical usage includes, for example, accessing information systems at certain times of the day and from locations that are not consistent with the normal usage patterns of individuals working in organizations. Related control: CA-7. | link | 13 |
| FedRAMP_Moderate_R4 | AC-2(12) | FedRAMP_Moderate_R4_AC-2(12) | FedRAMP Moderate AC-2 (12) | Access Control | Account Monitoring / Atypical Usage | Shared | n/a | The organization: (a) Monitors information system accounts for [Assignment: organization-defined atypical use]; and (b) Reports atypical usage of information system accounts to [Assignment: organization-defined personnel or roles]. Supplemental Guidance: Atypical usage includes, for example, accessing information systems at certain times of the day and from locations that are not consistent with the normal usage patterns of individuals working in organizations. Related control: CA-7. | link | 13 |
| ISO27001-2013 | A.16.1.2 | ISO27001-2013_A.16.1.2 | ISO 27001:2013 A.16.1.2 | Information Security Incident Management | Reporting information security events | Shared | n/a | Information security events shall be reported through appropriate management channels as quickly as possible. | link | 14 |
| ISO27001-2013 | A.16.1.3 | ISO27001-2013_A.16.1.3 | ISO 27001:2013 A.16.1.3 | Information Security Incident Management | Reporting information security weaknesses | Shared | n/a | Employees and contractors using the organization's information systems and services shall be required to note and report any observed or suspected information security weaknesses in systems or services. | link | 4 |
| ISO27001-2013 | A.16.1.4 | ISO27001-2013_A.16.1.4 | ISO 27001:2013 A.16.1.4 | Information Security Incident Management | Assessment of and decision on information security events | Shared | n/a | Information security events shall be assessed and it shall be decided if they are to be classified as information security incidents. | link | 23 |
| ISO27001-2013 | A.16.1.5 | ISO27001-2013_A.16.1.5 | ISO 27001:2013 A.16.1.5 | Information Security Incident Management | Response to information security incidents | Shared | n/a | Information security incidents shall be responded to in accordance with the documented procedures. | link | 12 |
| ISO27001-2013 | A.16.1.6 | ISO27001-2013_A.16.1.6 | ISO 27001:2013 A.16.1.6 | Information Security Incident Management | Learning from information security incidents | Shared | n/a | Knowledge gained from analyzing and resolving information security incidents shall be used to reduce the likelihood or impact of future incidents. | link | 13 |
| ISO27001-2013 | A.16.1.7 | ISO27001-2013_A.16.1.7 | ISO 27001:2013 A.16.1.7 | Information Security Incident Management | Collection of evidence | Shared | n/a | The organization shall define and apply procedures for the identification, collection, acquisition and preservation of information which can serve as evidence. | link | 7 |
| | mp.eq.3 Protection of portable devices | mp.eq.3 Protection of portable devices | 404 not found | | | | n/a | n/a | | 71 |
| NIST_SP_800-53_R4 | AC-2(12) | NIST_SP_800-53_R4_AC-2(12) | NIST SP 800-53 Rev. 4 AC-2 (12) | Access Control | Account Monitoring / Atypical Usage | Shared | n/a | The organization: (a) Monitors information system accounts for [Assignment: organization-defined atypical use]; and (b) Reports atypical usage of information system accounts to [Assignment: organization-defined personnel or roles]. Supplemental Guidance: Atypical usage includes, for example, accessing information systems at certain times of the day and from locations that are not consistent with the normal usage patterns of individuals working in organizations. Related control: CA-7. | link | 13 |
| NIST_SP_800-53_R5 | AC-2(12) | NIST_SP_800-53_R5_AC-2(12) | NIST SP 800-53 Rev. 5 AC-2 (12) | Access Control | Account Monitoring for Atypical Usage | Shared | n/a | (a) Monitor system accounts for [Assignment: organization-defined atypical usage]; and (b) Report atypical usage of system accounts to [Assignment: organization-defined personnel or roles]. | link | 13 |
| | op.exp.7 Incident management | op.exp.7 Incident management | 404 not found | | | | n/a | n/a | | 103 |
| | op.exp.9 Incident management record | op.exp.9 Incident management record | 404 not found | | | | n/a | n/a | | 30 |
| | org.2 Security regulations | org.2 Security regulations | 404 not found | | | | n/a | n/a | | 100 |