DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events
Ex1: Monitor email, web, file sharing, collaboration services, and other common attack vectors to detect malware, phishing, data leaks and exfiltration, and other adverse events
Ex2: Monitor authentication attempts to identify attacks against credentials and unauthorized credential reuse
Ex3: Monitor software configurations for deviations from security baselines
Ex4: Monitor hardware and software for signs of tampering
Ex5: Use technologies with a presence on endpoints to detect cyber health issues (e.g., missing patches, malware infections, unauthorized software), and redirect the endpoints to a remediation environment before access is authorized
Tier
Description
Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events