DE.AE-06: Information on adverse events is provided to authorized staff and tools
Ex1: Use cybersecurity software to generate alerts and provide them to the security operations center (SOC), incident responders, and incident response tools
Ex2: Incident responders and other authorized personnel can access log analysis findings at all times
Ex3: Automatically create and assign tickets in the organization’s ticketing system when certain types of alerts occur
Ex4: Manually create and assign tickets in the organization’s ticketing system when technical staff discover indicators of compromise
Tier
Description
Information on adverse events is provided to authorized staff and tools