Florida Regulations 60GG-2.004: Detect
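| Function | Category | Subcategory |
|---|---|---|
| Detect (DE) | Anomalies and Events (AE) | DE.AE-1: Establish and manage a baseline of network operations and expected data flows for Users and systems |
| Detect (DE) | Anomalies and Events (AE) | DE.AE-2: Analyze detected Cybersecurity Events to understand attack targets and methods |
| Detect (DE) | Anomalies and Events (AE) | DE.AE-3: Collect and correlate Cybersecurity Event data from multiple sources and sensors |
| Detect (DE) | Anomalies and Events (AE) | DE.AE-4: Determine the impact of Cybersecurity Events |
| Detect (DE) | Anomalies and Events (AE) | DE.AE-5: Establish Incident alert thresholds |
| Detect (DE) | Security Continuous Monitoring (CM) | DE.CM-1: Monitor the network to detect potential Cybersecurity Events |
| Detect (DE) | Security Continuous Monitoring (CM) | DE.CM-2: Monitor the physical environment to detect potential Cybersecurity Events |
| Detect (DE) | Security Continuous Monitoring (CM) | DE.CM-3: Monitor personnel activity to detect potential Cybersecurity Events |
| Detect (DE) | Security Continuous Monitoring (CM) | DE.CM-4: Detect malicious code |
| Detect (DE) | Security Continuous Monitoring (CM) | DE.CM-5: Detect unauthorized mobile code |
| Detect (DE) | Security Continuous Monitoring (CM) | DE.CM-6: Monitor external service provider activity to detect potential Cybersecurity Events |
| Detect (DE) | Security Continuous Monitoring (CM) | DE.CM-7: Monitor for unauthorized personnel, connections, devices, and software |
| Detect (DE) | Security Continuous Monitoring (CM) | DE.CM-8: Perform vulnerability scans |
| Detect (DE) | Detection Processes (DP) | DE.DP-1: Define roles and responsibilities for detection to ensure accountability |
| Detect (DE) | Detection Processes (DP) | DE.DP-2: Ensure that detection activities comply with all applicable requirements |
| Detect (DE) | Detection Processes (DP) | DE.DP-3: Test detection processes |
| Detect (DE) | Detection Processes (DP) | DE.DP-4: Communicate event detection information to stakeholders that should or must receive this information |
| Detect (DE) | Detection Processes (DP) | DE.DP-5: Continuously improve detection processes |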
Such policies and procedures shall:
(a) Establish and manage a baseline of network operations and expected data flows for Users and systems (DE.AE-1).
(b) Detect and analyze anomalous Cybersecurity Events to determine attack targets and methods (DE.AE-2).
1. Monitor for unauthorized wireless access points connected to the Agency internal network, and immediately remove them upon detection.
2. Implement procedures to establish accountability for accessing and modifying exempt, or confidential and exempt, data stores to ensure inappropriate access or modification is detectable.
(c) Collect and correlate Cybersecurity Event data from multiple sources and sensors (DE.AE-3).
(d) Determine the impact of Cybersecurity Events (DE.AE-4).
(e) Establish incident alert thresholds (DE.AE-5).
(2) Security Continuous Monitoring. Each Agency shall determine the appropriate level of monitoring that will occur regarding IT Resources necessary to identify Cybersecurity Events and verify the effectiveness of protective measures. Such activities shall include:
(a) Monitoring the network to detect potential Cybersecurity Events (DE.CM-1).
(b) Monitoring for unauthorized IT Resource connections to the internal Agency network.
(c) Monitoring the physical environment to detect potential Cybersecurity Events (DE.CM-2).
(d) Monitoring user activity to detect potential Cybersecurity Events (DE.CM-3).
(e) Monitoring for malicious code (DE.CM-4).
(f) Monitoring for unauthorized mobile code (DE.CM-5).
(g) Monitoring external service provider activity to detect potential Cybersecurity Events (DE.CM-6).
(h) Monitoring for unauthorized personnel, connections, devices, and software (DE.CM-7).
(i) Performing vulnerability scans (DE.CM-8). These shall be a part of the System Development Life Cycle (SDLC).
(3) Detection Processes. Each Agency shall maintain and test detection processes and procedures to ensure awareness of anomalous events. These procedures shall be based on assigned risk and include the following:
(a) Defining roles and responsibilities for detection to ensure accountability (DE.DP-1).
(b) Ensuring that detection activities comply with all applicable requirements (DE.DP-2).
(c) Testing detection processes (DE.DP-3).
(d) Communicating event detection information to Stakeholders that should or must receive this information (DE.DP-4).
(e) Continuously improving detection processes (DE.DP-5).
Rulemaking Authority Florida Statutes § 282.318(11). Law Implemented 282.318(3) FS. History—New 3-10-16, Amended 1-2-19, Formerly 74-2.004, Amended 9-18-22.