Provide security awareness training on recognizing and reporting potential indicators of insider threat.
Provide awareness training upon initial hire, following a significant cyber event, and at least annually, focused on recognizing and responding to threats from social engineering, advanced persistent threat actors, breaches, and suspicious behaviors; update the training at least annually or when there are significant changes to the threat.
Include practical exercises in awareness training for all users, tailored by roles, to include general users, users with specialized roles, and privileged users, that are aligned with current threat scenarios and provide feedback to individuals involved in the training and their supervisors.
Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
Ensure that the actions of individual system users, can be uniquely traced to those users so they can be held accountable for their actions.
Review and update logged events.
Alert in the event of an audit logging process failure.
Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.
Provide audit record reduction and report generation to support on-demand analysis and reporting.
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.