03.04.07 —
What this control requires
Source: NIST SP 800-171 R3 §03.04.07 (official control text).
Why this matters
Maintaining awareness of system operations means tracking who uses systems, what they do, and when anomalies occur. Without ongoing monitoring, unauthorized access, data exfiltration, malware persistence, and policy violations can go undetected for months. This control requires organizations to establish continuous visibility into system behavior through log aggregation, alerting mechanisms, and regular review processes. It protects against both external attackers who rely on stealth and insider threats who abuse legitimate access. Early detection dramatically reduces breach impact and supports incident response readiness.
What evidence assessors expect
Assessors typically look for: screenshot, configuration export, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on 03.04.07.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →