NIST CSF 2.0 Category

DE.AE Adverse Event Analysis

DE Detect | Analyze suspicious events to determine impact and required response.

Implementation Objective

Rapidly classify and investigate suspicious activity so response actions are proportional, timely, and evidence-based.

Implementation Actions

Define triage and severity model.
Correlate multi-source evidence.
Capture root cause and impact.

Evidence Examples

Triage runbook
Case records
Incident analysis reports

Suggested Metrics

Triage cycle time
Escalation quality rate

Framework Crosswalk

Direct mappings for this CSF category into NIST SP 800-171 family sections and CIS Controls v8 implementation domains.

NIST SP 800-171 Families

CIS Controls v8

Navigation

Back to NIST CSF 2.0 Categories CIS Controls v8 Guidance FedRAMP Guidance Cybersecurity Glossary