Monitoring and analysis requirements are established and maintained for the function and address timely review of event data
Context and Guidance: Monitoring and analysis requirements define the activities needed to provide information to stakeholders across the function on a regular basis to protect and sustain IT, OT, and information assets essential for the delivery of the function. The development of requirements should identify key stakeholders and how the monitoring and analysis requirements will satisfy their information needs. Monitoring requirements may be different for assets such as operations technology, field devices, mobile devices, virtualised assets, and assets residing in the cloud. The requirements should describe what data should be collected and how it should be analysed. Requirements should also specify time parameters for review of collected data and how the data will be distributed. Requirements should consider: • type of data and extent of data necessary • the granularity of data necessary • the format(s) of the data • the distribution frequency of the data • how the data will be distributed • the retention of the data • how often reviews should be performed
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: SITUATION-2a, SITUATION-2b, SITUATION-2c, SITUATION-2f, SITUATION-2g.