DE.CM-03 - Tracking Personnel and Technology Usage
DE.CM-03 monitors personnel activity and technology usage to identify potentially adverse events, such as insider threats or policy violations, using tools like behavior analytics and access logs. This includes tracking unusual access patterns or interactions with deception technologies, like honeypot accounts, to detect malicious intent. It focuses on the human element of security risks.
This subcategory enhances insider threat detection by providing visibility into user actions, ensuring deviations from norms trigger investigation. It aligns monitoring with risk strategies, prioritizing high-privilege users or critical systems. DE.CM-03 strengthens defenses against both intentional and unintentional personnel-related risks.
