RA-10 Threat Hunting

Risk Assessment

New in Rev 5

Description

a. Establish and maintain a cyber threat hunting capability to:
   1. Search for indicators of compromise in organizational systems; and
   2. Detect, track, and disrupt threats that evade existing controls; and
b. Employ the threat hunting capability [Assignment: organization-defined frequency].

Supplemental Guidance

Threat hunting is an active means of cyber defense, in contrast to traditional protection measures such as firewalls, intrusion detection and prevention systems, quarantining malicious code in sandboxes, and security information and event management (SIEM) technologies and systems. Cyber threat hunting involves proactively searching organizational systems, networks, and infrastructure for advanced threats.

Changes from Rev 4

New control in Rev 5.

MITRE ATT&CK Techniques (8)

ATT&CK v16.1

Techniques mitigated by this control, mapped via CTID (MITRE Center for Threat-Informed Defense).

Initial Access: 4
Privilege Escalation: 1
Defense Evasion: 1
Credential Access: 1
Lateral Movement: 1

Compliance Mappings

ISO 27001:2022

A.5.7

ISO 27002:2022

5.7

NIST CSF 2.0

DE.AE-07, ID.RA-03

MAS TRM

12

BIO2

5.7

RBI CSF

Annex 1.13

LGPD + BCB 4893

BCB.Art.6

HKMA TM-E-1

TME1.7.4

SAMA CSF

1.93.6

NCA ECC

2-13

UAE IA

T2

CBB TM

TM-11, TM-12

Qatar NIA

RM

CBUAE

CR-3

CBE CSF

CD-1

SA JS2

JS2-7.3, JS2-7.6

CBN CSF

Part 3.5, Part 4

BoM CTRM

4.1

IOSCO Cyber Resilience

DET-3, ID-3, SA-1

CPMI-IOSCO PFMI

CG.DE, CG.ID, CG.SA

FFIEC IS

II.A, II.A.1, III.A

ECB CROE

CROE.2.4, CROE.2.6.2, CROE.2.7.1

SEBI CSCRF

DE.CM, DE.DP, DE.VA, ID.RA, SOC, VAPT

BOT Cyber Resilience

Ch 3.1, Ch 8.1

CMMC 2.0

RA

CBEST

CBEST.2, CBEST.4

TIBER-EU

TIBER.RT, TIBER.TTI

Lloyd's Minimum Standards

CRM.2, MS10.2

HITRUST CSF v11

09.c, 10.e

FDA Cybersecurity Guidance

CRA-1, MON-3, ST-2, TM-1

NHS DSPT

NDG-9.8