NIST CSF 2.0 · All Functions · DE Detect · DE.CM Continuous Monitoring

DE.CM-06

External service provider activities and services are monitored to find potentially adverse events

Implementation examples

Ex1: Monitor remote and onsite administration and maintenance activities that external providers perform on organizational systems
Ex2: Monitor activity from cloud-based services, internet service providers, and other service providers for deviations from expected behavior

Mapped NIST 800-53 r5 controls (5)

Mapped CWE weaknesses (1)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-223←P →P

All informative references (45)

AI-SOC: AI-SOC-26
AI-SOC: AI-SOC-11
CCMv4.0: LOG-01
CCMv4.0: LOG-03
CCMv4.0: LOG-05
CCMv4.0: LOG-08
CCMv4.0: TVM-10
CIS Controls v8.0: 15.2
CIS Controls v8.0: 15.6
CIS Controls v8.1: 15.2
CIS Controls v8.1: 15.6
CRI Profile v2.0: DE.CM-06
CRI Profile v2.0: DE.CM-06.01
CRI Profile v2.0: DE.CM-06.02
CSF v1.1: DE.CM-6
CSF v1.1: DE.CM-7
Guardian-SDK: GS-AG-02
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 5.22
ISO/IEC 27001:2022: Annex A Controls: 8.16
NICE Framework: DD-WRL-007
NICE Framework: IO-WRL-006
NICE Framework: OG-WRL-016
NICE Framework: PD-WRL-001
NICE Framework: PD-WRL-004
OWASP Top 10 LLM Applications: LLM03-2025
PCI DSS: 12.8.4
PCI DSS: 7.2.4
PCI DSS: 10.2.1
SCF: MON-01
SDOS: SDOS-AU-02
SDOS: SDOS-EN-04
SP 800-171 Rev 3: 03.12.03
SP 800-171 Rev 3: 03.14.06
SP 800-171 Rev 3: 03.16.03
SP 800-53 Rev 5.1.1: CA-07
SP 800-53 Rev 5.1.1: PS-07
SP 800-53 Rev 5.1.1: SA-04
SP 800-53 Rev 5.1.1: SA-09
SP 800-53 Rev 5.1.1: SI-04
SP 800-53 Rev 5.2.0: CA-07
SP 800-53 Rev 5.2.0: PS-07
SP 800-53 Rev 5.2.0: SA-04
SP 800-53 Rev 5.2.0: SA-09
SP 800-53 Rev 5.2.0: SI-04

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).