DE.CM-03:
Personnel activity and technology usage are monitored to find potentially adverse events
Implementation Examples
Ex1:
Use behavior analytics software to detect anomalous user activity to mitigate insider threats
Ex2:
Monitor logs from logical access control systems to find unusual access patterns and failed access attempts
Ex3:
Continuously monitor deception technology, including user accounts, for any usage