NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY
SI-4(3) — Automated Tool and Mechanism Integration
Employ automated tools and mechanisms to integrate intrusion detection tools and mechanisms into access control and flow control mechanisms.
Supplemental Guidance
Using automated tools and mechanisms to integrate intrusion detection tools and mechanisms into access and flow control mechanisms facilitates a rapid response to attacks by enabling the reconfiguration of mechanisms in support of attack isolation and elimination.
Practitioner Notes
Integrate your monitoring tools so they share data and provide a unified view of your security posture rather than operating as isolated silos.
Example 1: Configure your firewall, IDS, endpoint protection, and cloud services to all feed logs into your SIEM. Create correlation rules that connect events across sources — a firewall alert plus an endpoint detection plus an authentication anomaly together may indicate a coordinated attack.
Example 2: Integrate Microsoft Defender for Endpoint with Microsoft Sentinel. Endpoint detections automatically appear in Sentinel, where they can be correlated with Azure AD sign-in logs, email security events, and cloud app activity for a complete picture of an incident.
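The correlation rule from Example 1, written out as an added Python sketch that is not part of the original page or of any vendor's product: it flags a host only when firewall, endpoint, and authentication events all fall inside one time window, then emits a containment request of the kind the control statement expects an access or flow control mechanism to consume. The event layout, host names, 10-minute window, and the `isolate_host` action name are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already normalized to (time, source, host, detail).
EVENTS = [
    ("2024-05-01T10:00:05", "firewall", "ws-17", "outbound connection blocked"),
    ("2024-05-01T10:02:40", "endpoint", "ws-17", "suspicious process detected"),
    ("2024-05-01T10:04:10", "auth", "ws-17", "sign-in from unfamiliar location"),
    ("2024-05-01T10:03:00", "firewall", "ws-22", "outbound connection blocked"),
    ("2024-05-01T11:30:00", "endpoint", "ws-22", "suspicious process detected"),
    ("2024-05-01T12:00:00", "auth", "ws-22", "sign-in from unfamiliar location"),
]
REQUIRED = {"firewall", "endpoint", "auth"}  # sources that must all report
WINDOW = timedelta(minutes=10)               # assumed correlation window

def correlate(events, window=WINDOW, required=REQUIRED):
    """Return {host: (first_ts, last_ts)} for hosts where every required
    source reported at least once inside a single sliding window."""
    by_host = defaultdict(list)
    for ts, source, host, _detail in events:
        if source in required:
            by_host[host].append((datetime.fromisoformat(ts), source))
    hits = {}
    for host, items in by_host.items():
        items.sort()
        start, counts = 0, defaultdict(int)
        for ts, source in items:
            counts[source] += 1
            # Drop events that have aged out of the window ending at ts.
            while ts - items[start][0] > window:
                counts[items[start][1]] -= 1
                start += 1
            if all(counts[s] > 0 for s in required):
                hits[host] = (items[start][0], ts)
                break
    return hits

def containment_requests(hits):
    """Turn correlated hits into requests for the access/flow control layer.
    'isolate_host' is a placeholder, not a real firewall or NAC API call."""
    return [
        {"action": "isolate_host", "host": host,
         "evidence_window": (first.isoformat(), last.isoformat())}
        for host, (first, last) in sorted(hits.items())
    ]

if __name__ == "__main__":
    for request in containment_requests(correlate(EVENTS)):
        print(request)
```

On the sample data only ws-17 is flagged; ws-22 has the same three event types but spread over two hours, so the rule does not fire.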