NIST CSF 2.0 · All Functions · DE Detect · DE.AE Adverse Event Analysis

DE.AE-03

Information is correlated from multiple sources

Implementation examples

Ex1: Constantly transfer log data generated by other sources to a relatively small number of log servers
Ex2: Use event correlation technology (e.g., SIEM) to collect information captured by multiple sources
Ex3: Utilize cyber threat intelligence to help correlate events among log sources

Mapped NIST 800-53 r5 controls (7)

AU-06 CA-07 IR-04 IR-05 IR-08 PM-16 SI-04

Mapped CWE weaknesses (1)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-778→P

All informative references (50)

AI-SOC: AI-SOC-11
AI-SOC: AI-SOC-22
CCMv4.0: LOG-03
CCMv4.0: LOG-05
CCMv4.0: SEF-05
CRI Profile v2.0: DE.AE-03
CRI Profile v2.0: DE.AE-03.01
CRI Profile v2.0: DE.AE-03.02
CSF v1.1: DE.AE-3
Guardian-SDK: GS-PF-03
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 8.15
ISO/IEC 27001:2022: Annex A Controls: 8.16
NICE Framework: IO-WRL-001
NICE Framework: IO-WRL-006
NICE Framework: PD-WRL-001
NICE Framework: PD-WRL-006
OWASP Top 10 LLM Applications: LLM01-2025
OWASP Top 10 LLM Applications: LLM04-2025
PCI DSS: 10.2.1
PCI DSS: 10.3.3
PCI DSS: 10.4.1
PCI DSS: 12.5.1
PCI DSS: 1.2.4
SCF: MON-02
SCF: MON-02.1
SCF: IRO-02
SCF: IRO-02.5
SDOS: SDOS-AU-01
SDOS: SDOS-AU-02
SP 800-171 Rev 3: 03.03.05
SP 800-171 Rev 3: 03.06.01
SP 800-171 Rev 3: 03.06.02
SP 800-171 Rev 3: 03.06.05
SP 800-171 Rev 3: 03.12.03
SP 800-171 Rev 3: 03.14.06
SP 800-53 Rev 5.1.1: AU-06
SP 800-53 Rev 5.1.1: CA-07
SP 800-53 Rev 5.1.1: PM-16
SP 800-53 Rev 5.1.1: IR-04
SP 800-53 Rev 5.1.1: IR-05
SP 800-53 Rev 5.1.1: IR-08
SP 800-53 Rev 5.1.1: SI-04
SP 800-53 Rev 5.2.0: AU-06
SP 800-53 Rev 5.2.0: CA-07
SP 800-53 Rev 5.2.0: PM-16
SP 800-53 Rev 5.2.0: IR-04
SP 800-53 Rev 5.2.0: IR-05
SP 800-53 Rev 5.2.0: IR-08
SP 800-53 Rev 5.2.0: SI-04

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).