NIST CSF 2.0 · All Functions · DE Detect · DE.CM Continuous Monitoring

DE.CM-02

The physical environment is monitored to find potentially adverse events

Implementation examples

Ex1: Monitor logs from physical access control systems (e.g., badge readers) to find unusual access patterns (e.g., deviations from the norm) and failed access attempts
Ex2: Review and monitor physical access records (e.g., from visitor registration, sign-in sheets)
Ex3: Monitor physical access controls (e.g., locks, latches, hinge pins, alarms) for signs of tampering
Ex4: Monitor the physical environment using alarm systems, cameras, and security guards

Mapped NIST 800-53 r5 controls (4)

Mapped CWE weaknesses (1)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-778←P

All informative references (38)

CCMv4.0: DCS-09
CCMv4.0: DCS-10
CCMv4.0: DCS-14
CCMv4.0: LOG-01
CCMv4.0: LOG-03
CCMv4.0: LOG-05
CCMv4.0: LOG-08
CCMv4.0: LOG-12
CCMv4.0: TVM-10
CRI Profile v2.0: DE.CM-02
CRI Profile v2.0: DE.CM-02.01
CSF v1.1: DE.CM-2
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 7.4
NICE Framework: DD-WRL-007
NICE Framework: IO-WRL-005
NICE Framework: IO-WRL-006
NICE Framework: OG-WRL-016
NICE Framework: PD-WRL-001
NICE Framework: PD-WRL-004
PCI DSS: 9.3.1.1
PCI DSS: 9.5.1.2
PCI DSS: 9.4.1.2
SCF: PES-01
SCF: PES-03
SCF: PES-03.3
SCF: PES-05
SP 800-171 Rev 3: 03.10.02
SP 800-171 Rev 3: 03.10.07
SP 800-171 Rev 3: 03.12.03
SP 800-53 Rev 5.1.1: CA-07
SP 800-53 Rev 5.1.1: PE-03
SP 800-53 Rev 5.1.1: PE-06
SP 800-53 Rev 5.1.1: PE-20
SP 800-53 Rev 5.2.0: CA-07
SP 800-53 Rev 5.2.0: PE-03
SP 800-53 Rev 5.2.0: PE-06
SP 800-53 Rev 5.2.0: PE-20

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).