CMMC Practice SI.5.223: Monitor individuals and system components on an ongoing basis for anomalous or suspicious behavior.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Monitoring for anomalous or suspicious behavior can be done with signatures, statistical analysis, analytics or machine learning on user activity events. The analysis seeks to find patterns among data generated by user activity. This is different from traditional security applications that analyze events. This class of analysis is typically called User and Entity Behavior Analytics (UEBA).
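The statistical-analysis approach described above, as an added example that is not part of the CMMC text: each entity's daily activity is scored against its own baseline, so a count that is routine for a backup service account is flagged for an ordinary user. The entity names, sample counts, threshold and function names are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (entity, day, file-read events recorded that day).
HISTORY = [
    ("alice", d, n) for d, n in enumerate([12, 15, 11, 14, 13, 12, 16])
] + [
    ("svc-backup", d, n) for d, n in enumerate([400, 420, 390, 410, 405, 415, 398])
]
TODAY = [("alice", 7, 410), ("svc-backup", 7, 412), ("new-contractor", 7, 30)]


def build_baselines(history, min_days=5):
    """Per-entity mean and standard deviation of daily activity counts."""
    per_entity = defaultdict(list)
    for entity, _day, count in history:
        per_entity[entity].append(count)
    # Entities with too little history get no baseline rather than a noisy one.
    return {e: (mean(c), pstdev(c)) for e, c in per_entity.items() if len(c) >= min_days}


def score(baselines, observations, threshold=3.0, floor=1.0):
    """Return (entity, day, count, z) for counts far from the entity's own baseline.

    Entities without a baseline are returned with z=None so an analyst
    reviews them instead of the monitor silently skipping them.
    """
    findings = []
    for entity, day, count in observations:
        if entity not in baselines:
            findings.append((entity, day, count, None))
            continue
        mu, sigma = baselines[entity]
        # The floor prevents division by zero when past activity was perfectly flat.
        z = (count - mu) / max(sigma, floor)
        if abs(z) >= threshold:
            findings.append((entity, day, count, round(z, 1)))
    return findings


if __name__ == "__main__":
    for finding in score(build_baselines(HISTORY), TODAY):
        print(finding)
```

Here alice's 410 reads are flagged while the service account's 412 are not, which a fixed per-event or global-count rule cannot express.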