SIEM / SOC
Centralize security event management and analysis.
9 of 9 frameworks cover this control
Framework Mappings
How SIEM / SOC maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | DE.AE-02 DE.AE-06 |
| ISO 27001 | Covered | A.8.15 A.8.16 |
| CIS v8 | Covered | CIS 8.2 CIS 8.11 |
| SOC 2 | Covered | CC7.2 CC7.3 |
| PCI DSS | Covered | 10.4.1 10.4.3 11.5.2 |
| CMMC | Covered | AU.L2-3.3.1 SI.L2-3.14.6 |
| 800-53 | Covered | AU-6 SI-4 |
| HIPAA | Covered | §164.308(a)(1)(ii)(D) §164.312(b) |
| GDPR | Covered | Art.32(1)(d) |
About SIEM / SOC
SIEM / SOC is a cybersecurity control in the Detect domain: centralize security event management and analysis. A Security Information and Event Management (SIEM) platform aggregates, normalizes and correlates log data from across the IT environment (endpoints, servers, network devices, identity providers, cloud services) to provide centralized visibility, threat detection and compliance reporting. A Security Operations Center (SOC) staffs trained analysts who monitor SIEM alerts, investigate potential incidents and coordinate response activities, often on a 24/7 basis for critical environments. Organizations should develop detection use cases aligned with MITRE ATT&CK techniques, establish alert triage procedures and escalation workflows, and measure SOC effectiveness through metrics such as mean time to detect (MTTD, the time from the first malicious event to the alert) and mean time to respond (MTTR, the time from the alert to containment or closure). Log sources that never reach the SIEM are blind spots for every detection built on it, so the coverage of onboarded sources should be tracked alongside alert metrics.
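The paragraph above describes three things a SIEM/SOC does: correlate raw logs, raise alerts tied to ATT&CK techniques, and measure MTTD/MTTR. The following is an added, self-contained example written for this page (it is not ControlMap code and not any vendor's SIEM logic) that does all three on a handful of constructed sshd-style log lines: a sliding-window rule flags five or more failed logins from one source IP within five minutes as T1110 (Brute Force) and raises severity if a later success from the same source follows, and a metrics helper computes MTTD and MTTR from the alert and a constructed analyst closure record. The threshold, window, log format and timestamps are all assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not real data): sshd-style authentication events.
# 203.0.113.5 sprays three accounts and finally succeeds; 198.51.100.7 is a benign typo.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host1 sshd[411]: Failed password for root from 203.0.113.5 port 5001",
    "2024-05-01T10:00:03Z host1 sshd[411]: Failed password for root from 203.0.113.5 port 5002",
    "2024-05-01T10:00:05Z host1 sshd[411]: Failed password for admin from 203.0.113.5 port 5003",
    "2024-05-01T10:00:07Z host1 sshd[411]: Failed password for admin from 203.0.113.5 port 5004",
    "2024-05-01T10:00:09Z host1 sshd[411]: Failed password for deploy from 203.0.113.5 port 5005",
    "2024-05-01T10:00:12Z host1 sshd[411]: Accepted password for deploy from 203.0.113.5 port 5006",
    "2024-05-01T10:30:00Z host2 sshd[902]: Failed password for alice from 198.51.100.7 port 6001",
    "2024-05-01T10:31:00Z host2 sshd[902]: Accepted password for alice from 198.51.100.7 port 6002",
]

# Constructed analyst record (assumption): source IP -> time the alert was closed/contained.
SAMPLE_RESPONSES = {
    "203.0.113.5": datetime(2024, 5, 1, 10, 45, 9, tzinfo=timezone.utc),
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_line(line):
    """Normalize one raw line into an event dict; return None for lines the rule cannot use."""
    m = LINE_RE.match(line)
    if not m:
        return None  # a production pipeline would count unparsed lines as a coverage gap
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "host": m["host"], "outcome": m["outcome"], "user": m["user"], "src": m["src"]}


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window correlation keyed on source IP.

    Fires one alert per source once `threshold` failures land inside `window`
    (ATT&CK T1110, Brute Force). A subsequent success from the same source
    escalates the alert to 'high' and records the account that was entered.
    detected_at is the event timestamp, i.e. this assumes zero ingestion delay;
    a real SIEM should use its own ingest time so pipeline lag counts against MTTD.
    """
    failures = defaultdict(deque)  # src -> deque of (ts, user) inside the window
    alerts = {}                    # src -> alert dict
    for ev in filter(None, map(parse_line, lines)):
        q = failures[ev["src"]]
        if ev["outcome"] == "Failed":
            q.append((ev["ts"], ev["user"]))
            while q and ev["ts"] - q[0][0] > window:
                q.popleft()  # expire failures older than the window
            if len(q) >= threshold and ev["src"] not in alerts:
                alerts[ev["src"]] = {
                    "technique": "T1110",
                    "src": ev["src"],
                    "severity": "medium",
                    "users": sorted({u for _, u in q}),
                    "first_event": q[0][0],
                    "detected_at": ev["ts"],
                }
        elif ev["outcome"] == "Accepted" and ev["src"] in alerts:
            alerts[ev["src"]]["severity"] = "high"
            alerts[ev["src"]]["compromised_user"] = ev["user"]
    return list(alerts.values())


def soc_metrics(alerts, responses):
    """MTTD = mean(detected_at - first_event); MTTR = mean(closed_at - detected_at).

    Both are returned in seconds (None when there is nothing to average). MTTR only
    covers alerts that have a closure record in `responses`.
    """
    ttd = [(a["detected_at"] - a["first_event"]).total_seconds() for a in alerts]
    ttr = [(responses[a["src"]] - a["detected_at"]).total_seconds()
           for a in alerts if a["src"] in responses]
    return {
        "mttd_s": sum(ttd) / len(ttd) if ttd else None,
        "mttr_s": sum(ttr) / len(ttr) if ttr else None,
    }


if __name__ == "__main__":
    found = detect_brute_force(SAMPLE_LOGS)
    for a in found:
        print(f"{a['technique']} {a['severity']} src={a['src']} users={a['users']} "
              f"first={a['first_event'].isoformat()} detected={a['detected_at'].isoformat()}")
    print(soc_metrics(found, SAMPLE_RESPONSES))
```

On the sample data the rule fires once, for 203.0.113.5, eight seconds after its first failure, and escalates to high when the `deploy` login succeeds; the single benign failure from 198.51.100.7 never reaches the threshold. Tuning the threshold and window is the usual trade-off between false positives and slower detection, which is exactly what the MTTD figure makes visible when the rule is changed.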
This control is recognized by 9 of the 9 major frameworks tracked here: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA and GDPR. It has full coverage across all 9 frameworks.