NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-4(17)Integrated Situational Awareness

Correlate information from monitoring physical, cyber, and supply chain activities to achieve integrated, organization-wide situational awareness.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Correlating monitoring information from a more diverse set of information sources helps to achieve integrated situational awareness. Integrated situational awareness from a combination of physical, cyber, and supply chain monitoring activities enhances the capability of organizations to more quickly detect sophisticated attacks and investigate the methods and techniques employed to carry out such attacks. In contrast to [SI-4(16)](#si-4.16) , which correlates the various cyber monitoring information, integrated situational awareness is intended to correlate monitoring beyond the cyber domain. Correlation of monitoring information from multiple activities may help reveal attacks on organizations that are operating across multiple attack vectors.

Practitioner Notes

Integrate your monitoring data with broader situational awareness — connecting cyber events with physical security events, threat intelligence, and operational context.

Example 1: Feed physical access control logs (badge swipes) into your SIEM alongside cyber events. If someone authenticates to the network from the office but their badge shows they never entered the building, that is a strong indicator their credentials are compromised.

Example 2: Subscribe to CISA alerts and sector-specific threat intelligence feeds. When a threat advisory targets your industry, increase your monitoring sensitivity for the specific indicators of compromise mentioned in the advisory.

More System and Information Integrity Controls

SI-1 Policy and Procedures SI-2 Flaw Remediation SI-2(1) Central Management SI-2(2) Automated Flaw Remediation Status