60GG-2.004. Detect  


Effective on Sunday, September 18, 2022
The detect function of the SFCS is visually represented as such:

Function: Detect (DE)

  Category: Anomalies and Events (AE)
    Subcategories:
    DE.AE-1: Establish and manage a baseline of network operations and expected data flows for Users and systems
    DE.AE-2: Analyze detected Cybersecurity Events to understand attack targets and methods
    DE.AE-3: Collect and correlate Cybersecurity Event data from multiple sources and sensors
    DE.AE-4: Determine the impact of Cybersecurity Events
    DE.AE-5: Establish Incident alert thresholds

  Category: Security Continuous Monitoring (CM)
    Subcategories:
    DE.CM-1: Monitor the network to detect potential Cybersecurity Events
    DE.CM-2: Monitor the physical environment to detect potential Cybersecurity Events
    DE.CM-3: Monitor personnel activity to detect potential Cybersecurity Events
    DE.CM-4: Detect malicious code
    DE.CM-5: Detect unauthorized mobile code
    DE.CM-6: Monitor external service provider activity to detect potential Cybersecurity Events
    DE.CM-7: Monitor for unauthorized personnel, connections, devices, and software
    DE.CM-8: Perform vulnerability scans

  Category: Detection Processes (DP)
    Subcategories:
    DE.DP-1: Define roles and responsibilities for detection to ensure accountability
    DE.DP-2: Ensure that detection activities comply with all applicable requirements
    DE.DP-3: Test detection processes
    DE.DP-4: Communicate event detection information to stakeholders that should or must receive this information
    DE.DP-5: Continuously improve detection processes

(1) Anomalies and Events. Each Agency shall develop policies and procedures that will facilitate detection of anomalous activity and that allow the Agency to understand the potential impact of events.

Such policies and procedures shall:

  (a) Establish and manage a baseline of network operations and expected data flows for Users and systems (DE.AE-1).

  (b) Detect and analyze anomalous Cybersecurity Events to determine attack targets and methods (DE.AE-2).

    1. Monitor for unauthorized wireless access points connected to the Agency internal network, and immediately remove them upon detection.

    2. Implement procedures to establish accountability for accessing and modifying exempt, or confidential and exempt, data stores to ensure inappropriate access or modification is detectable.

  (c) Collect and correlate Cybersecurity Event data from multiple sources and sensors (DE.AE-3).

  (d) Determine the impact of Cybersecurity Events (DE.AE-4).

  (e) Establish incident alert thresholds (DE.AE-5).

(2) Security Continuous Monitoring. Each Agency shall determine the appropriate level of monitoring that will occur regarding IT Resources necessary to identify Cybersecurity Events and verify the effectiveness of protective measures. Such activities shall include:

  (a) Monitoring the network to detect potential Cybersecurity Events (DE.CM-1).

  (b) Monitoring for unauthorized IT Resource connections to the internal Agency network.

  (c) Monitoring the physical environment to detect potential Cybersecurity Events (DE.CM-2).

  (d) Monitoring user activity to detect potential Cybersecurity Events (DE.CM-3).

  (e) Monitoring for malicious code (DE.CM-4).

  (f) Monitoring for unauthorized mobile code (DE.CM-5).

  (g) Monitoring external service provider activity to detect potential Cybersecurity Events (DE.CM-6).

  (h) Monitoring for unauthorized personnel, connections, devices, and software (DE.CM-7).

  (i) Performing vulnerability scans (DE.CM-8). These shall be a part of the System Development Life Cycle (SDLC).

(3) Detection Processes. Each Agency shall maintain and test detection processes and procedures to ensure awareness of anomalous events. These procedures shall be based on assigned risk and include the following:

  (a) Defining roles and responsibilities for detection to ensure accountability (DE.DP-1).

  (b) Ensuring that detection activities comply with all applicable requirements (DE.DP-2).

  (c) Testing detection processes (DE.DP-3).

  (d) Communicating event detection information to Stakeholders that should or must receive this information (DE.DP-4).

  (e) Continuously improving detection processes (DE.DP-5).

Rulemaking Authority 282.318(11) FS. Law Implemented 282.318(3) FS. History‒New 3-10-16, Amended 1-2-19, Formerly 74-2.004, Amended 9-18-22.