CAF Outcome C1.e: Monitoring Tools and Skills

From the UK NCSC's Cyber Assessment Framework (version 3.1):

Monitoring staff skills, tools and roles, including any that are out sourced, should reflect governance and reporting requirements, expected threats and the complexities of the network or system data they need to use. Monitoring staff have knowledge of the essential functions they need to protect.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

NCSC CAF Mapped to NIST CSF

C1.e: Monitoring Tools and Skills to CSF mappings generated from UK Cabinet Office table.

Control ID	Description
RS.CO-3	Information is shared consistent with response plans
DE.AE-2	Detected events are analyzed to understand attack targets and methods
DE.DP-5	Detection processes are continuously improved
RS.CO-2	Incidents are reported consistent with established criteria
RS.AN-1	Notifications from detection systems are investigated

Related SP800-53 Controls

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Node
RA-5: Vulnerability Monitoring and Scanning
IR-4: Incident Handling
CA-2: Control Assessments
IR-8: Incident Response Plan
CP-2: Contingency Plan
PE-6: Monitoring Physical Access
CA-7: Continuous Monitoring
SI-4: System Monitoring
AU-6: Audit Record Review, Analysis, and Reporting
PM-14: Testing, Training, and Monitoring
PL-2: System Security and Privacy Plans
IR-6: Incident Reporting
IR-5: Incident Monitoring