Florida Administrative Code
60 - DEPARTMENT OF MANAGEMENT SERVICES
60GG - Florida Digital Service
Chapter 60GG-2 - STATE OF FLORIDA CYBERSECURITY STANDARDS
Section 60GG-2.004 - Detect

Universal Citation: FL Admin Code R 60GG-2.004

Current through Reg. 50, No. 187; September 24, 2024

The detect function of the SFCS is visually represented as such:

Function: Detect (DE)

  Category: Anomalies and Events (AE)
    Subcategories:
      DE.AE-1: Establish and manage a baseline of network operations and expected data flows for Users and systems
      DE.AE-2: Analyze detected Cybersecurity Events to understand attack targets and methods
      DE.AE-3: Collect and correlate Cybersecurity Event data from multiple sources and sensors
      DE.AE-4: Determine the impact of Cybersecurity Events
      DE.AE-5: Establish Incident alert thresholds

  Category: Security Continuous Monitoring (CM)
    Subcategories:
      DE.CM-1: Monitor the network to detect potential Cybersecurity Events
      DE.CM-2: Monitor the physical environment to detect potential Cybersecurity Events
      DE.CM-3: Monitor personnel activity to detect potential Cybersecurity Events
      DE.CM-4: Detect malicious code
      DE.CM-5: Detect unauthorized mobile code
      DE.CM-6: Monitor external service provider activity to detect potential Cybersecurity Events
      DE.CM-7: Monitor for unauthorized personnel, connections, devices, and software
      DE.CM-8: Perform vulnerability scans

  Category: Detection Processes (DP)
    Subcategories:
      DE.DP-1: Define roles and responsibilities for detection to ensure accountability
      DE.DP-2: Ensure that detection activities comply with all applicable requirements
      DE.DP-3: Test detection processes
      DE.DP-4: Communicate event detection information to stakeholders that should or must receive this information
      DE.DP-5: Continuously improve detection processes

(1) Anomalies and Events. Each Agency shall develop policies and procedures that will facilitate detection of anomalous activity and that allow the Agency to understand the potential impact of events.

Such policies and procedures shall:

(a) Establish and manage a baseline of network operations and expected data flows for Users and systems (DE.AE-1).

(b) Detect and analyze anomalous Cybersecurity Events to determine attack targets and methods (DE.AE-2).

1. Monitor for unauthorized wireless access points connected to the Agency internal network, and immediately remove them upon detection.

2. Implement procedures to establish accountability for accessing and modifying exempt, or confidential and exempt, data stores to ensure inappropriate access or modification is detectable.

(c) Collect and correlate Cybersecurity Event data from multiple sources and sensors (DE.AE-3).

(d) Determine the impact of Cybersecurity Events (DE.AE-4).

(e) Establish incident alert thresholds (DE.AE-5).

(2) Security Continuous Monitoring. Each Agency shall determine the appropriate level of monitoring that will occur regarding IT Resources necessary to identify Cybersecurity Events and verify the effectiveness of protective measures. Such activities shall include:

(a) Monitoring the network to detect potential Cybersecurity Events (DE.CM-1).

(b) Monitoring for unauthorized IT Resource connections to the internal Agency network.

(c) Monitoring the physical environment to detect potential Cybersecurity Events (DE.CM-2).

(d) Monitoring user activity to detect potential Cybersecurity Events (DE.CM-3).

(e) Monitoring for malicious code (DE.CM-4).

(f) Monitoring for unauthorized mobile code (DE.CM-5).

(g) Monitoring external service provider activity to detect potential Cybersecurity Events (DE.CM-6).

(h) Monitoring for unauthorized personnel, connections, devices, and software (DE.CM-7).

(i) Performing vulnerability scans (DE.CM-8). These shall be a part of the System Development Life Cycle (SDLC).

(3) Detection Processes. Each Agency shall maintain and test detection processes and procedures to ensure awareness of anomalous events. These procedures shall be based on assigned risk and include the following:

(a) Defining roles and responsibilities for detection to ensure accountability (DE.DP-1).

(b) Ensuring that detection activities comply with all applicable requirements (DE.DP-2).

(c) Testing detection processes (DE.DP-3).

(d) Communicating event detection information to Stakeholders that should or must receive this information (DE.DP-4).

(e) Continuously improving detection processes (DE.DP-5).

Rulemaking Authority 282.318(11) FS. Law Implemented 282.318(3) FS.

New 3-10-16, Amended 1-2-19, Formerly 74-2.004, Amended 9-18-22.
