Date Published: June 2019
Author(s)
Karen Waltermire (NIST), Kelley Burgin (MITRE), Chinedum Irrechukwu (MITRE), Harry Perper (MITRE), Susan Prince (MITRE), Devin Wynne (MITRE)
Announcement
The National Cybersecurity Center of Excellence (NCCoE) is seeking comments on a draft Project Description.
The NCCoE is proposing a project to explore continuous monitoring capabilities that can effectively, efficiently and automatically detect when a malicious actor—be it an authorized user or external actor—attempts to perform an action in an organization's IT infrastructure that could result in financial, reputational, and operational impacts to the organization.
Many organizations monitor business information technology (IT) infrastructure by manual inspection or computer-aided audits, which can result in after-the-fact detection of malicious-user access events.
This project will describe how to address this issue by collecting appropriate log data from the IT infrastructure. The same continuous monitoring capabilities can be used to automate analysis and reporting of the log data, alerting the proper personnel in the organization with actionable information and guidance so they may take measures toward resolving the detected issue. This project will result in a freely available NIST Cybersecurity Practice Guide, which includes a reference architecture, a fully implemented example solution, and a detailed guide of the practical steps needed to implement the solution.
Abstract
Many organizations monitor business information technology (IT) infrastructure by manual inspection or computer-aided audits, which can result in after-the-fact detection of malicious-user access events.
This project explores continuous monitoring capabilities that, by collecting appropriate log data from the IT infrastructure, can effectively, efficiently, and automatically detect when a malicious actor, be it an authorized user or an external actor, attempts to perform an action in an organization’s IT infrastructure that could result in financial, reputational, and operational impacts to the organization. The same continuous monitoring capabilities can be used to automate analysis and reporting of the log data, alerting the proper personnel in the organization with actionable information and guidance so they may take measures toward resolving the detected issue.
This project will result in a freely available NIST Cybersecurity Practice Guide, which includes a reference architecture, a fully implemented example solution, and a detailed guide of practical steps needed to implement the solution.
Keywords
access management; compliance; continuous monitoring; medium business; small business; unauthorized access; user access control
Control Families
Access Control; Audit and Accountability; System and Information Integrity