Continuous Monitoring (DE.CM)

Assets are monitored to find anomalies, indicators of compromise, and other potentially adverse events

Subcategories

Networks and network services are monitored to find potentially adverse events

The physical environment is monitored to find potentially adverse events

Personnel activity and technology usage are monitored to find potentially adverse events

Malicious code is detected

[Withdrawn: Incorporated into DE.CM-01, DE.CM-09]

Unauthorized mobile code is detected

[Withdrawn: Incorporated into DE.CM-01, DE.CM-09]

Monitoring for unauthorized personnel, connections, devices, and software is performed

[Withdrawn: Incorporated into DE.CM-01, DE.CM-03, DE.CM-06, DE.CM-09]

Vulnerability scans are performed

[Withdrawn: Incorporated into ID.RA-01]

Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events

Frameworks and Controls

NIST Cybersecurity Framework V2.0