NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-4(21) Probationary Periods

Implement the following additional monitoring of individuals during [Assignment: organization-defined probationary period]: [Assignment: organization-defined additional monitoring].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

During probationary periods, employees do not have permanent employment status within organizations. Without such status and having access to information that is resident on the system, additional monitoring can help identify any potentially malicious activity or inappropriate behavior.

Practitioner Notes

Apply enhanced monitoring during probationary periods for new employees, contractors, or users who have been flagged for security concerns.

Example 1: Configure your SIEM to apply a "heightened monitoring" tag to user accounts during the first 90 days of employment. Additional alert rules trigger for these accounts — large file downloads, access outside business hours, or attempts to access restricted systems.
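The tagging and alert logic from Example 1, sketched as an added illustration (not code from NIST or from any SIEM product). The roster, event fields, thresholds, business hours and restricted system names are all assumptions made for the example, and accounts missing from the HR feed are assumed to stay tagged.

```python
from datetime import date, datetime, timedelta

PROBATION_DAYS = 90                      # "first 90 days" from Example 1
BUSINESS_HOURS = range(8, 18)            # assumption: 08:00-17:59, Mon-Fri, local time
LARGE_DOWNLOAD_BYTES = 500 * 1024**2     # assumption: 500 MiB threshold
RESTRICTED = {"hr-db", "finance-share"}  # hypothetical restricted systems

# Constructed HR roster: account -> employment start date.
ROSTER = {"asmith": date(2024, 5, 6), "bjones": date(2021, 2, 1)}

def heightened(user, when):
    """True if the account carries the heightened-monitoring tag at `when`."""
    start = ROSTER.get(user)
    if start is None:
        return True  # assumption: accounts missing from the HR feed stay tagged
    return start <= when.date() < start + timedelta(days=PROBATION_DAYS)

def evaluate(event):
    """Return the extra alerts for one event; empty for untagged accounts."""
    ts = datetime.fromisoformat(event["ts"])
    if not heightened(event["user"], ts):
        return []
    alerts = []
    if event["action"] == "download" and event.get("bytes", 0) >= LARGE_DOWNLOAD_BYTES:
        alerts.append("large_download")
    if ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS:
        alerts.append("outside_business_hours")
    if event["resource"] in RESTRICTED:
        alerts.append("restricted_system_attempt")
    return alerts

# Constructed sample events (not real log data).
EVENTS = [
    {"ts": "2024-06-03T22:15:00", "user": "asmith", "action": "download",
     "resource": "eng-wiki", "bytes": 800 * 1024**2},
    {"ts": "2024-06-04T10:00:00", "user": "asmith", "action": "login",
     "resource": "hr-db"},
    {"ts": "2024-06-03T23:00:00", "user": "bjones", "action": "download",
     "resource": "eng-wiki", "bytes": 900 * 1024**2},
    {"ts": "2024-08-05T23:00:00", "user": "asmith", "action": "download",
     "resource": "eng-wiki", "bytes": 900 * 1024**2},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["ts"], e["user"], evaluate(e))
```

The tag is derived from the start date at evaluation time, so it lapses on day 90 without a separate cleanup job; the last sample event shows the same download no longer alerting once the period has ended.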

Example 2: Use Microsoft Purview Insider Risk Management to create a policy that applies increased scrutiny to users flagged by HR — those on performance improvement plans or who have given notice of resignation. Monitor for bulk data downloads and unusual sharing patterns.