Table 2: Framework Core - DETECT (DE), Detection Processes (DE.DP)
Table 2: Framework Core
| Function | Category | Subcategory | Informative References | ||||
| DETECT (DE) | Detection Processes (DE.DP): Detection processes and procedures are maintained and tested to ensure awareness of anomalous events. | DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability | CIS CSC 19 COBIT 5 APO01.02, DSS05.01, DSS06.03 ISA 62443-2-1:2009 4.4.3.1 ISO/IEC 27001:2013 A.6.1.1, A.7.2.2 NIST SP 800-53 Rev. 4 CA-2, CA-7, PM-14 | ||||
| DE.DP-2: Detection activities comply with all applicable requirements | COBIT 5 DSS06.01, MEA03.03, MEA03.04 ISA 62443-2-1:2009 4.4.3.2 ISO/IEC 27001:2013 A.18.1.4, A.18.2.2, A.18.2.3 NIST SP 800-53 Rev. 4 AC-25, CA-2, CA-7, SA- 18, SI-4, PM-14 | ||||||
| DE.DP-3: Detection processes are tested | COBIT 5 APO13.02, DSS05.02 ISA 62443-2-1:2009 4.4.3.2 ISA 62443-3-3:2013 SR 3.3 ISO/IEC 27001:2013 A.14.2.8 NIST SP 800-53 Rev. 4 CA-2, CA-7, PE-3, SI-3, SI-4, PM-14 | ||||||
| DE.DP-4: Event detection information is communicated | CIS CSC 19 COBIT 5 APO08.04, APO12.06, DSS02.05 ISA 62443-2-1:2009 4.3.4.5.9 ISA 62443-3-3:2013 SR 6.1 ISO/IEC 27001:2013 A.16.1.2, A.16.1.3 NIST SP 800-53 Rev. 4 AU-6, CA-2, CA-7, RA- 5, SI-4 | ||||||
| DE.DP-5: Detection processes are continuously improved | COBIT 5 APO11.06, APO12.06, DSS04.05 ISA 62443-2-1:2009 4.4.3.4 ISO/IEC 27001:2013 A.16.1.6 NIST SP 800-53 Rev. 4, CA-2, CA-7, PL-2, RA- 5, SI-4, PM-14 | ||||||