NIST CSF: DE.AE-2 Subcategory

From NIST's Cyber Security Framework (version 1):

Detected events are analyzed to understand attack targets and methods

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Responsibilities and procedures (16.1.1)
    ISO 27001:2013
  • Event Logging (12.4.1)
    ISO 27001:2013
  • Assessment of and decision on information security events (16.1.4)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Timestamps (SR 2.11)
    ISA/IEC 62443-3-3:2013
  • Protection of audit information (SR 3.9)
    ISA/IEC 62443-3-3:2013
  • Auditable events (SR 2.8)
    ISA/IEC 62443-3-3:2013
  • Response to audit processing failures (SR 2.10)
    ISA/IEC 62443-3-3:2013
  • Non-repudiation (SR 2.12)
    ISA/IEC 62443-3-3:2013
  • Document the details of incidents (4.3.4.5.8)
    ISA/IEC 62443-2-1:2009
  • Identify failed and successful cyber security breaches (4.3.4.5.7)
    ISA/IEC 62443-2-1:2009
  • Audit storage capacity (SR 2.9)
    ISA/IEC 62443-3-3:2013
  • Identify and respond to incidents (4.3.4.5.6)
    ISA/IEC 62443-2-1:2009
  • Continuous monitoring (SR 6.2)
    ISA/IEC 62443-3-3:2013
  • Audit log accessibility (SR 6.1)
    ISA/IEC 62443-3-3:2013

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.