Back to Control Explorer
SI.2.214
Content
Control Acronym
SI
Family
System And Information Integrity
CMMC Level
2
800-171 Control #
3.14.3
CMMC Description
Monitor system security alerts and advisories and take action in response.
CMMC Clarification
Organizations should receive security alerts, advisories, and directives from reputable external organizations. You base identification of these organizations on sector, industry, and the technology you use. There are many ways to received alerts and advisories and may include: * signing up for email distributions * subscribing to RSS feeds * attending meetings. Organizations should review alerts and advisories for applicability as they receive them. An organization decides on its own review cycle. The more frequent the alerts and advisories, the more frequent the reviews. This ensures that the organization has the most up-to-date information. External alerts and advisories may prompt an organization to generate internal security alerts, advisories, or directives. Share these with all personnel with a need-to-know. The individuals should take action to respond to the alerts. Actions vary according to the alert or advisory. Sometimes it may require a system configuration update. Other times, the organization may use the information for situational awareness purposes. Example One of your IT responsibilities is to protect your organization’s computers. As part of your job you decide you need to pay attention to security alerts and advisories to keep aware of the latest threats and risks. You decide to receive alerts from US-CERT and a set of ISACs. You review the alerts on a weekly basis to determine if they are relevant to your organization. When you identify one you follow your plan to correct information system flaws in a timely manner, such as installing a patch.
800-171 Description
Monitor system security alerts and advisories and take action in response.
800-171 Discussion
There are many publicly available sources of system security alerts and advisories. For example, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) generates security alerts and advisories to maintain situational awareness across the federal government and in nonfederal organizations. Software vendors, subscription services, and industry information sharing and analysis centers (ISACs) may also provide security alerts and advisories. Examples of response actions include notifying relevant external organizations, for example, external mission/business partners, supply chain partners, external service providers, and peer or supporting organizations[SP 800-161] provides guidance on supply chain risk management.
Other Source Discussion
N/A
CIS Control References
CIS Controls v7.1 6.5, 6.6
NIST 800-53 Control Ref.
NIST SP 800-53 Rev 4 SI-5
CMMC Derived
NIST CSF Control References
NIST 800-171 References
NIST SP 800-171 Rev 1 3.14.3
Applicable FAR Clause
NIST CSF Control Reference
NIST CSF v1.1 RS.AN-5
CERT RMM Reference
CERT RMM v1.2 IMC:SG2.SP1
Modification of NIST 800-171B Reference
NIST 800-171B Reference
UK NCSCCyber Reference
AS ACSC Reference
Sub-Criterias
Assessment Sub-Criteria 1
SI.2.214.[a] response actions to system security alerts and advisories are identified;
Assessment Sub-Criteria 2
SI.2.214.[b] system security alerts and advisories are monitored; and
Assessment Sub-Criteria 3
SI.2.214.[c] actions in response to system security alerts and advisories are taken.