Anomaly Detection
Identify anomalous activity that may indicate a security event.
9 of 9 frameworks cover this control
Framework Mappings
How Anomaly Detection maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | DE.AE-01 DE.AE-04 |
| ISO 27001 | Covered | A.8.16 |
| CIS v8 | Covered | CIS 8.5 CIS 8.6 |
| SOC 2 | Covered | CC7.2 |
| PCI DSS | Covered | 10.4.1 11.5.1.1 |
| CMMC | Covered | SI.L2-3.14.6 SI.L2-3.14.7 |
| 800-53 | Covered | SI-4 AC-2 |
| HIPAA | Covered | §164.308(a)(1)(ii)(D) |
| GDPR | Covered | Art.32(1)(d) |
About Anomaly Detection
Anomaly Detection is a cybersecurity control in the Detect domain whose objective is to identify anomalous activity that may indicate a security event. Anomaly detection uses baseline behavioral profiles and machine learning algorithms to identify deviations from normal patterns in user activity, network traffic, and system operations that may indicate compromise or insider threats. Unlike signature-based detection, anomaly detection can identify novel attacks and zero-day exploits by flagging unusual data transfers, abnormal login times, atypical access patterns, or unexpected process execution. Effective implementation requires establishing accurate baselines, tuning sensitivity thresholds to balance detection rates against false positive volumes, and integrating findings into the incident triage workflow.
This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.
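As an added illustration of the baseline-and-threshold approach described above (example code written for this page, not ControlMap's own implementation): a per-user profile of usual login hours and outbound data volume is built from constructed sample records, new events are scored against it, and the `z_threshold` parameter shows how raising or lowering sensitivity changes the alert volume.

```python
import statistics
from collections import defaultdict
# Constructed sample records "user,hour,bytes_out"; not from any real system.
BASELINE_LOG = """alice,9,120000
alice,10,95000
alice,11,130000
alice,14,110000
bob,8,40000
bob,9,55000
bob,12,45000
bob,17,60000"""
NEW_EVENTS = """alice,10,140000
alice,3,900000
bob,9,52000
bob,9,180000"""

def parse(text):  # "user,hour,bytes_out" lines -> (str, int, int) tuples
    rows = (line.split(",") for line in text.splitlines())
    return [(u, int(h), int(b)) for u, h, b in rows]

def build_baseline(events):
    """Per-user profile: usual login hours plus mean/stdev of bytes out."""
    by_user = defaultdict(list)
    for user, hour, nbytes in events:
        by_user[user].append((hour, nbytes))
    profile = {}
    for user, rows in by_user.items():
        sizes = [b for _, b in rows]
        profile[user] = {"hours": {h for h, _ in rows}, "mean": statistics.mean(sizes),
                         "stdev": statistics.pstdev(sizes) or 1.0}  # avoid divide-by-zero
    return profile

def score(event, profile, z_threshold):
    """Reasons an event deviates from its user's baseline (empty list = normal)."""
    user, hour, nbytes = event
    p = profile.get(user)
    if p is None:
        return ["no baseline for user"]
    reasons = []
    if hour not in p["hours"]:
        reasons.append(f"login hour {hour} outside baseline")
    z = (nbytes - p["mean"]) / p["stdev"]
    if z > z_threshold:
        reasons.append(f"bytes_out z-score {z:.1f} exceeds {z_threshold}")
    return reasons

def detect(baseline_text, new_text, z_threshold=3.0):
    """Higher z_threshold -> fewer alerts (and false positives), lower recall."""
    profile = build_baseline(parse(baseline_text))
    scored = ((e, score(e, profile, z_threshold)) for e in parse(new_text))
    return {e: r for e, r in scored if r}
```

With the default threshold of 3.0 only the off-hours 900 KB transfer and bob's 180 KB transfer are flagged; lowering it to 1.0 also flags alice's 140 KB transfer during a normal hour, which is the kind of borderline alert that threshold tuning is meant to control.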