NIST CSF 2.0 · All Functions · DE Detect · DE.CM Continuous Monitoring

DE.CM-09

Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events

Implementation examples

Ex1: Monitor email, web, file sharing, collaboration services, and other common attack vectors to detect malware, phishing, data leaks and exfiltration, and other adverse events
Ex2: Monitor authentication attempts to identify attacks against credentials and unauthorized credential reuse
Ex3: Monitor software configurations for deviations from security baselines
Ex4: Monitor hardware and software for signs of tampering
Ex5: Use technologies with a presence on endpoints to detect cyber health issues (e.g., missing patches, malware infections, unauthorized software), and redirect the endpoints to a remediation environment before access is authorized

Mapped NIST 800-53 r5 controls (12)

AC-04 AC-09 AU-12 CA-07 CM-03 CM-06 CM-10 CM-11 SC-34 SC-35 SI-04 SI-07

Mapped CWE weaknesses (3)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-1299→P CWE-223→P CWE-778←P →M

All informative references (91)

AI-SOC: AI-SOC-02
AI-SOC: AI-SOC-03
CCMv4.0: CCC-07
CCMv4.0: IVS-06
CCMv4.0: LOG-01
CCMv4.0: LOG-03
CCMv4.0: LOG-05
CCMv4.0: LOG-08
CCMv4.0: LOG-10
CCMv4.0: LOG-11
CCMv4.0: TVM-02
CCMv4.0: TVM-10
CCMv4.0: UEM-09
CCMv4.0: UEM-10
CCMv4.0: UEM-11
CIS Controls v8.0: 10.1
CIS Controls v8.1: 10.1
CRI Profile v2.0: DE.CM-09
CRI Profile v2.0: DE.CM-09.01
CRI Profile v2.0: DE.CM-09.02
CRI Profile v2.0: DE.CM-09.03
CSF v1.1: PR.DS-6
CSF v1.1: PR.DS-8
CSF v1.1: DE.CM-4
CSF v1.1: DE.CM-5
CSF v1.1: DE.CM-7
Guardian-SDK: GS-PF-01
Guardian-SDK: GS-PF-02
Guardian-SDK: GS-PF-04
Guardian-SDK: GS-MM-01
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 8.16
NICE Framework: DD-WRL-005
NICE Framework: DD-WRL-007
NICE Framework: IO-WRL-006
NICE Framework: OG-WRL-016
NICE Framework: PD-WRL-001
NICE Framework: PD-WRL-004
OWASP Top 10 LLM Applications: LLM01-2025
OWASP Top 10 LLM Applications: LLM04-2025
OWASP Top 10 LLM Applications: LLM05-2025
OWASP Top 10 LLM Applications: LLM08-2025
OWASP Top 10 LLM Applications: LLM10-2025
PCI DSS: 5.2.1
PCI DSS: 5.2.2
PCI DSS: 5.3.2
PCI DSS: 11.3.1
PCI DSS: 11.3.2
PCI DSS: 6.4.3
PCI DSS: 10.3.4
SCF: MON-01
SCF: MON-01.7
SCF: END-01
SCF: END-04
SCF: END-06
SDOS: SDOS-AU-02
SDOS: SDOS-IN-01
SDOS: SDOS-IN-03
SP 800-171 Rev 3: 03.01.03
SP 800-171 Rev 3: 03.03.03
SP 800-171 Rev 3: 03.04.02
SP 800-171 Rev 3: 03.04.03
SP 800-171 Rev 3: 03.12.03
SP 800-171 Rev 3: 03.14.06
SP 800-53 Rev 5.1.1: AC-04
SP 800-53 Rev 5.1.1: AC-09
SP 800-53 Rev 5.1.1: AU-12
SP 800-53 Rev 5.1.1: CA-07
SP 800-53 Rev 5.1.1: CM-03
SP 800-53 Rev 5.1.1: CM-06
SP 800-53 Rev 5.1.1: CM-10
SP 800-53 Rev 5.1.1: CM-11
SP 800-53 Rev 5.1.1: SC-34
SP 800-53 Rev 5.1.1: SC-35
SP 800-53 Rev 5.1.1: SI-04
SP 800-53 Rev 5.1.1: SI-07
SP 800-53 Rev 5.2.0: AC-04
SP 800-53 Rev 5.2.0: AC-09
SP 800-53 Rev 5.2.0: AU-12
SP 800-53 Rev 5.2.0: CA-07
SP 800-53 Rev 5.2.0: CM-03
SP 800-53 Rev 5.2.0: CM-06
SP 800-53 Rev 5.2.0: CM-10
SP 800-53 Rev 5.2.0: CM-11
SP 800-53 Rev 5.2.0: SC-34
SP 800-53 Rev 5.2.0: SC-35
SP 800-53 Rev 5.2.0: SI-04
SP 800-53 Rev 5.2.0: SI-07
SP 800-81r3: 2.1.3
SP 800-81r3: 3.6.3
SP 800-81r3: 4.2.4

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).