Cyber Posture

NIST CSF 2.0 · All Functions · DE Detect

DE.AE — Adverse Event Analysis

Anomalies, indicators of compromise, and other potentially adverse events are analyzed to characterize the events and detect cybersecurity incidents

DE.AE-02

Potentially adverse events are analyzed to better understand associated activities

4 implementation example(s) · 4 mapped NIST 800-53 control(s)

DE.AE-03

Information is correlated from multiple sources

3 implementation example(s) · 7 mapped NIST 800-53 control(s)

DE.AE-04

The estimated impact and scope of adverse events are understood

2 implementation example(s) · 5 mapped NIST 800-53 control(s)

DE.AE-06

Information on adverse events is provided to authorized staff and tools

4 implementation example(s) · 6 mapped NIST 800-53 control(s)

DE.AE-07

Cyber threat intelligence and other contextual information are integrated into the analysis

3 implementation example(s) · 3 mapped NIST 800-53 control(s)

DE.AE-08

Incidents are declared when adverse events meet the defined incident criteria

2 implementation example(s) · 2 mapped NIST 800-53 control(s)

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).