NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY
SI-4(12) — Automated Organization-generated Alerts
Alert [Assignment: organization-defined personnel or roles] using [Assignment: organization-defined automated mechanisms] when the following indications of inappropriate or unusual activities with security or privacy implications occur: [Assignment: organization-defined activities that trigger alerts].
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
Organizational personnel on the system alert notification list include system administrators, mission or business owners, system owners, senior agency information security officer, senior agency official for privacy, system security officers, or privacy officers. Automated organization-generated alerts are the security alerts generated by organizations and transmitted using automated means. The sources for organization-generated alerts are focused on other entities such as suspicious activity reports and reports on potential insider threats. In contrast to alerts generated by the organization, alerts generated by the system in SI-4(5) focus on information sources that are internal to the systems, such as audit records.
Practitioner Notes
Generate automated alerts when organizational security policies are violated — not just when external attacks occur.
Example 1: Configure your SIEM to alert when security policies are violated: software installed without approval, firewall rules changed outside maintenance windows, user accounts created by non-authorized personnel, or sensitive data shared to external recipients.
Example 2: Use Microsoft Purview Insider Risk Management to automatically flag policy violations like bulk file downloads, printing of sensitive documents before a resignation, or emailing CUI to personal email accounts. Alerts are routed to your security team for investigation.
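The four policy checks from Example 1, sketched as detection logic over normalized events. This is an added illustration, not code from NIST or any SIEM product; the event field names, the approved-software list, the authorized account creators, the internal domain and the Saturday 22:00-24:00 maintenance window are all assumptions to replace with your own policy values.

```python
from datetime import datetime

# Assumed organizational policy values (hypothetical; substitute your own)
APPROVED_SOFTWARE = {"7zip", "firefox"}
ACCOUNT_ADMINS = {"idm-svc", "helpdesk-lead"}
INTERNAL_DOMAIN = "example.org"
MAINT_WEEKDAY, MAINT_HOURS = 5, range(22, 24)  # Saturday, 22:00-23:59

def in_maintenance_window(ts):
    return ts.weekday() == MAINT_WEEKDAY and ts.hour in MAINT_HOURS

def violation(ev):
    """Return the name of the violated policy, or None if the event is compliant."""
    kind = ev["type"]
    if kind == "software_install" and ev["package"].lower() not in APPROVED_SOFTWARE:
        return "unapproved-software"
    if kind == "firewall_change" and not in_maintenance_window(ev["ts"]):
        return "firewall-change-outside-window"
    if kind == "account_create" and ev["actor"] not in ACCOUNT_ADMINS:
        return "account-created-by-unauthorized-actor"
    if kind == "file_share" and ev.get("label") == "sensitive":
        # Compare only the recipient's domain, case-insensitively
        if ev["recipient"].rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN:
            return "sensitive-data-shared-externally"
    return None

def evaluate(events):
    """Return one alert dict per violation, ready to route to the notification list."""
    alerts = []
    for ev in events:
        rule = violation(ev)
        if rule:
            alerts.append({"rule": rule, "actor": ev["actor"], "ts": ev["ts"].isoformat()})
    return alerts

# Constructed sample events (not real log data)
SAMPLE_EVENTS = [
    {"type": "software_install", "actor": "jdoe", "package": "Firefox", "ts": datetime(2024, 3, 5, 10, 0)},
    {"type": "software_install", "actor": "jdoe", "package": "torrentx", "ts": datetime(2024, 3, 5, 10, 5)},
    {"type": "firewall_change", "actor": "netadmin", "ts": datetime(2024, 3, 9, 22, 30)},
    {"type": "firewall_change", "actor": "netadmin", "ts": datetime(2024, 3, 6, 14, 0)},
    {"type": "account_create", "actor": "jdoe", "ts": datetime(2024, 3, 6, 9, 0)},
    {"type": "file_share", "actor": "asmith", "label": "sensitive",
     "recipient": "x@partner.example", "ts": datetime(2024, 3, 7, 16, 0)},
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
```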