Overview:
Monitor information system security alerts and advisories and take appropriate actions in response.
Action Items:
3.14.3[a]
Determine if: response actions to system security alerts and advisories are identified.
3.14.3[b]
Determine if: system security alerts and advisories are monitored.
3.14.3[c]
Determine if: actions in response to system security alerts and advisories are taken.
POTENTIAL ASSESSMENT METHODS AND OBJECTS
1) Examine: System and information integrity policy; procedures addressing security alerts, advisories, and directives; system security plan; records of security alerts and advisories; other relevant documents or records.
2) Interview: Personnel with security alert and advisory responsibilities; personnel implementing, operating, maintaining, and using the system; personnel, organizational elements, and external organizations to whom alerts, advisories, and directives are to be disseminated; system or network administrators; personnel with information security responsibilities.
3) Test: Organizational processes for defining, receiving, generating, disseminating, and complying with security alerts, advisories, and directives; mechanisms supporting or implementing definition, receipt, generation, and dissemination of security alert
Related Documents (document name and content will vary by organization):
1) System and information integrity policy
2) Procedures addressing security alerts, advisories, and directives
3) System security plan
4) Records of security alerts and advisories
5) Other relevant documents or records
Additional Guidance:
The United States Computer Emergency Readiness Team (US-CERT) generates security alerts and advisories to maintain situational awareness across the federal government and in nonfederal organizations. Software vendors, subscription services, and relevant industry information sharing and analysis centers (ISACs) may also provide security alerts and advisories. Security directives are issued by designated organizations with the responsibility and authority to issue such directives. Compliance with security directives is essential due to the critical nature of many of these directives and the potential immediate adverse effects on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be followed and corrective actions implemented in a timely manner. Examples of response actions include notifying relevant external organizations, for example, external mission/business partners, supply chain partners, external service providers, and other peer or supporting organizations.
Article ID: 211
Created: September 26, 2022
Last Updated: September 26, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/nist-800-171-security-alerts-advisories-and-directives-3-14-3-211.html