FedRAMP Controls / SI
SI-7(7) Integration of Detection and Response
Family SI
Baselines moderate
Mapped KSIs 4
Control statement
Incorporate the detection of the following unauthorized changes into the organizational incident response capability: {{ insert: param, si-07.07_odp }}. Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is
preserved in the catalog database.
Covered by these Key Security Indicators
| KSI | Title | Category |
|---|---|---|
| KSI-AFR-05 | Significant Change Notifications Determine how significant changes will be tracked and how all necessary parties will be notified in alignment with the FedRAMP Significant Change Notifications (SCN) process and persistently address all related requirements and recommendations. | Authorization by FedRAMP |
| KSI-MLA-01 | Security Information and Event Management (SIEM) Operate a Security Information and Event Management (SIEM) or similar system(s) for centralized, tamper-resistent logging of events, activities, and changes. | Monitoring, Logging, and Auditing |
| KSI-MLA-05 | Evaluate Configuration _Persistently_ evaluate and test the configuration of _machine-based_ _information resources_, especially infrastructure as code. | Monitoring, Logging, and Auditing |
| KSI-MLA-07 | Event Types Maintain a list of information resources and event types that will be monitored, logged, and audited, then do so. | Monitoring, Logging, and Auditing |