NIST CSF 2.0 · All Functions · DE Detect · DE.AE Adverse Event Analysis

DE.AE-06

Information on adverse events is provided to authorized staff and tools

Implementation examples

Ex1: Use cybersecurity software to generate alerts and provide them to the security operations center (SOC), incident responders, and incident response tools
Ex2: Incident responders and other authorized personnel can access log analysis findings at all times
Ex3: Automatically create and assign tickets in the organization's ticketing system when certain types of alerts occur
Ex4: Manually create and assign tickets in the organization's ticketing system when technical staff discover indicators of compromise

Mapped NIST 800-53 r5 controls (6)

Mapped CWE weaknesses (4)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-1220→P CWE-223←P CWE-778→P CWE-779→P

All informative references (44)

CCMv4.0: CCC-07
CCMv4.0: LOG-03
CCMv4.0: LOG-05
CCMv4.0: LOG-13
CCMv4.0: SEF-05
CCMv4.0: SEF-06
CRI Profile v2.0: DE.AE-06
CRI Profile v2.0: DE.AE-06.01
CSF v1.1: DE.DP-4
Guardian-SDK: GS-CF-02
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 5.26
NICE Framework: IO-WRL-006
NICE Framework: PD-WRL-001
NICE Framework: PD-WRL-005
NICE Framework: PD-WRL-006
NICE Framework: PD-WRL-007
PCI DSS: 12.10.1
PCI DSS: 10.3.1
PCI DSS: 10.3.3
PCI DSS: 12.10.3
SCF: MON-01.8
SCF: MON-01.12
SCF: MON-02
SCF: MON-02.1
SCF: IRO-02
SCF: IRO-02.4
SCF: IRO-04
SCF: IRO-07
SCF: IRO-09
SCF: IRO-10
SDOS: SDOS-AU-01
SDOS: SDOS-AU-03
SP 800-171 Rev 3: 03.06.01
SP 800-53 Rev 5.1.1: IR-04
SP 800-53 Rev 5.1.1: PM-15
SP 800-53 Rev 5.1.1: PM-16
SP 800-53 Rev 5.1.1: RA-03
SP 800-53 Rev 5.1.1: RA-10
SP 800-53 Rev 5.2.0: IR-04
SP 800-53 Rev 5.2.0: PM-15
SP 800-53 Rev 5.2.0: PM-16
SP 800-53 Rev 5.2.0: RA-04
SP 800-53 Rev 5.2.0: RA-10

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).