Control
ID
Control Description Data Protection Classification
Level 1 Level 2 Level 3 Level 4
SII-1 Identify, report, and remediate system flaws in a timely manner. essential essential essential essential
SII-2 Provide protection from malicious code at designated locations within organizational systems. required required essential essential
SII-3 Monitor system security alerts and advisories and take action in response. essential essential essential essential
SII-4 Update malicious code protection mechanisms when new releases are available. required required essential essential
SII-6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks. recommended recommended required essential