Implementation Objective
Detect malicious and abnormal activity early by improving telemetry quality, coverage, and analytic fidelity.
NIST CSF 2.0 Category
DE.CM Continuous Monitoring
DE Detect | Collect and analyze telemetry for high-confidence detection.
Implementation Actions
- Define priority log sources.
- Centralize telemetry and correlation.
- Tune detections from incident outcomes.
Evidence Examples
- Log source matrix
- Detection catalog
- Tuning records
Suggested Metrics
- Log coverage
- Mean time to detect
Framework Crosswalk
Direct mappings for this CSF category into NIST SP 800-171 family sections and CIS Controls v8 implementation domains.