You can spot unauthorized use of your systems.
What it actually means
Beyond detecting outside attacks, you need to recognize unauthorized use — odd account activity, access at strange times, use outside someone's role. It leans on your logging, monitoring, and review working together.
Pass or fail — an assessor needs a "yes" to each
- Monitoring/review can surface unauthorized use (not just malware).
- Anomalous account/usage activity is detectable.
- There's a process to investigate it.
What to have ready
- Monitoring/SIEM rules for anomalous use
- Review process + sample findings
Where teams trip up
- Only looking for malware, not misuse
- No baseline of 'normal' to compare against
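As an added illustration (not part of the original page), this Python example shows the kind of baseline comparison a review rule can make: it learns each account's usual hours and resources from past activity, then flags access at strange times, access to resources outside the account's usual set, and accounts with no baseline. The log format, account names, resource names and the one-hour slack are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (assumed format): ISO timestamp, account, resource.
BASELINE_LOG = """\
2024-03-04T09:12:00 alice payroll-db
2024-03-05T16:30:00 alice hr-share
2024-03-04T08:55:00 bob build-server
2024-03-05T17:20:00 bob build-server
"""
NEW_LOG = """\
2024-03-11T10:15:00 alice payroll-db
2024-03-11T02:47:00 alice payroll-db
2024-03-11T13:05:00 bob payroll-db
2024-03-11T09:30:00 carol hr-share
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, user, resource = line.split()
        yield datetime.fromisoformat(ts), user, resource

def build_baseline(log):
    """Per account: earliest hour, latest hour and resources seen in normal use."""
    hours, resources = defaultdict(list), defaultdict(set)
    for ts, user, resource in parse(log):
        hours[user].append(ts.hour)
        resources[user].add(resource)
    return {u: (min(h), max(h), resources[u]) for u, h in hours.items()}

def find_anomalies(baseline, log, slack_hours=1):
    """Return (timestamp, account, resource, reasons) for events outside the baseline."""
    findings = []
    for ts, user, resource in parse(log):
        if user not in baseline:
            findings.append((ts.isoformat(), user, resource, ["no baseline for account"]))
            continue
        first, last, seen = baseline[user]
        reasons = []
        if not first - slack_hours <= ts.hour <= last + slack_hours:
            reasons.append("outside usual hours")
        if resource not in seen:
            reasons.append("resource not in usual set")
        if reasons:
            findings.append((ts.isoformat(), user, resource, reasons))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(BASELINE_LOG), NEW_LOG):
        print(finding)
```

Each finding is a lead for the investigation process, not a verdict; saved output from a run like this can serve as sample findings for the review evidence.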