(a) Notify [Assignment: organization-defined incident response personnel (identified by name and/or by role)] of detected suspicious events; and (b) Take the following actions upon detection: [Assignment: organization-defined least-disruptive actions to terminate suspicious events].
[Withdrawn: Incorporated into AC-6(10).]
Test intrusion-monitoring tools and mechanisms [Assignment: organization-defined frequency].
Make provisions so that [Assignment: organization-defined encrypted communications traffic] is visible to [Assignment: organization-defined system monitoring tools and mechanisms].
Analyze outbound communications traffic at the external interfaces to the system and selected [Assignment: organization-defined interior points within the system] to discover anomalies.
Alert [Assignment: organization-defined personnel or roles] using [Assignment: organization-defined automated mechanisms] when the following indications of inappropriate or unusual activities with security or privacy implications occur: [Assignment: organization-defined activities that trigger alerts].
(a) Analyze communications traffic and event patterns for the system; (b) Develop profiles representing common traffic and event patterns; and (c) Use the traffic and event profiles in tuning system-monitoring devices.
Employ a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises or breaches to the system.
Employ an intrusion detection system to monitor wireless communications traffic as the traffic passes from wireless to wireline networks.
Correlate information from monitoring tools and mechanisms employed throughout the system.
Passcode