Section 60GG-2.004 - DetectThe detect function of the SFCS is visually represented as such:
Function | Category | Subcategory |
Detect (DE) | Anomalies and Events (AE) | DE.AE-1: Establish and manage a baseline of network operations and expected data flows for Users and systems |
DE.AE-2: Analyze detected Cybersecurity Events to understand attack targets and methods |
DE.AE-3: Collect and correlate Cybersecurity Event data from multiple sources and sensors |
DE.AE-4: Determine the impact of Cybersecurity Events |
DE.AE-5: Establish Incident alert thresholds |
Security Continuous Monitoring (CM) | DE.CM-1: Monitor the network to detect potential Cybersecurity Events |
DE.CM-2: Monitor the physical environment to detect potential Cybersecurity Events |
DE.CM-3: Monitor personnel activity to detect potential Cybersecurity Events |
DE.CM-4: Detect malicious code |
DE.CM-5: Detect unauthorized mobile code |
DE.CM-6: Monitor external service provider activity to detect potential Cybersecurity Events |
DE.CM-7: Monitor for unauthorized personnel, connections, devices, and software |
DE.CM-8: Perform vulnerability scans |
Detection Processes (DP) | DE.DP-1: Define roles and responsibilities for detection to ensure accountability |
DE.DP-2: Ensure that detection activities comply with all applicable requirements |
DE.DP-3: Test detection processes |
DE.DP-4: Communicate event detection information to stakeholders that should or must receive this information |
DE.DP-5: Continuously improve detection processes |
(1) Anomalies and Events. Each Agency shall develop policies and procedures that will facilitate detection of anomalous activity and that allow the Agency to understand the potential impact of events. Such policies and procedures shall:
(a) Establish and manage a baseline of network operations and expected data flows for Users and systems (DE.AE-1).(b) Detect and analyze anomalous Cybersecurity Events to determine attack targets and methods (DE.AE-2).1. Monitor for unauthorized wireless access points connected to the Agency internal network, and immediately remove them upon detection.2. Implement procedures to establish accountability for accessing and modifying exempt, or confidential and exempt, data stores to ensure inappropriate access or modification is detectable.(c) Collect and correlate Cybersecurity Event data from multiple sources and sensors (DE.AE-3).(d) Determine the impact of Cybersecurity Events (DE.AE-4).(e) Establish incident alert thresholds (DE.AE-5).(2) Security Continuous Monitoring. Each Agency shall determine the appropriate level of monitoring that will occur regarding IT Resources necessary to identify Cybersecurity Events and verify the effectiveness of protective measures. Such activities shall include:(a) Monitoring the network to detect potential Cybersecurity Events (DE.CM-1).(b) Monitoring for unauthorized IT Resource connections to the internal Agency network.(c) Monitoring the physical environment to detect potential Cybersecurity Events (DE.CM-2).(d) Monitoring user activity to detect potential Cybersecurity Events (DE.CM-3).(e) Monitoring for malicious code (DE.CM-4).(f) Monitoring for unauthorized mobile code (DE.CM-5).(g) Monitoring external service provider activity to detect potential Cybersecurity Events (DE.CM-6).(h) Monitoring for unauthorized personnel, connections, devices, and software (DE.CM-7).(i) Performing vulnerability scans (DE.CM-8). These shall be a part of the System Development Life Cycle (SDLC).(3) Detection Processes. Each Agency shall maintain and test detection processes and procedures to ensure awareness of anomalous events. These procedures shall be based on assigned risk and include the following: (a) Defining roles and responsibilities for detection to ensure accountability (DE.DP-1).(b) Ensuring that detection activities comply with all applicable requirements (DE.DP-2).(c) Testing detection processes (DE.DP-3).(d) Communicating event detection information to Stakeholders that should or must receive this information (DE.DP-4).(e) Continuously improving detection processes (DE.DP-5).Fla. Admin. Code Ann. R. 60GG-2.004
Rulemaking Authority 282.318(11) FS. Law Implemented 282.318(3) FS.
New 3-10-16, Amended 1-2-19, Formerly 74-2.004, Amended by Florida Register Volume 48, Number 174, September 7, 2022 effective 9/18/2022.New 3-10-16, Amended 1-2-19, Formerly 74-2.004, Amended 9-18-22.