PM-16 THREAT AWARENESS PROGRAM - NIST-SP-800-53-R5
Control: Implement a threat awareness program that includes a cross-organization information-sharing capability for threat intelligence.
Discussion: Because of the constantly changing and increasing sophistication of adversaries, especially the advanced persistent threat (APT), it may be more likely that adversaries can successfully breach or compromise organizational systems. One of the best techniques to address this concern is for organizations to share threat information, including threat events (i.e., tactics, techniques, and procedures) that organizations have experienced, mitigations that organizations have found are effective against certain types of threats, and threat intelligence (i.e., indications and warnings about threats). Threat information sharing may be bilateral or multilateral. Bilateral threat sharing includes government-to-commercial and government-to-government cooperatives. Multilateral threat sharing includes organizations taking part in threat-sharing consortia. Threat information may require special agreements and protection, or it may be freely shared.
Related Controls: IR-4, PM-12.
Control Enhancements:
(1) THREAT AWARENESS PROGRAM / AUTOMATED MEANS FOR SHARING THREAT INTELLIGENCE
Employ automated mechanisms to maximize the effectiveness of sharing threat intelligence information.
Discussion: To maximize the effectiveness of monitoring, it is important to know what threat observables and indicators the sensors need to be searching for. By using well-established frameworks, services, and automated tools, organizations improve their ability to rapidly share and feed the relevant threat detection signatures into monitoring tools.
Related Controls: None.
References: None.