CIS-8.1.13.6 — Collect Network Traffic Flow Logs
Domain: CIS Control 13 | Safeguard: CIS-8.1.13.6 | Asset Class: Network | Security Function: Detect | Source: CIS Controls v8.1.2 (March 2025)
Implementation Groups: IG1, IG2, IG3
Collect network traffic flow logs and/or network traffic to review and alert upon from network devices.
Executive Summary (For Leadership and the Board)
CIS Safeguard CIS-8.1.13.6 sits inside Control 13 (Network / Detect) and reads: "Collect network traffic flow logs and/or network traffic to review and alert upon from network devices." The Safeguard is most rigorously expected at IG3, whose audience is organizations with sensitive data and regulatory exposure (CMMC L2, ITAR, PCI Level 1, regulated FSI) and whose implementation cost is high: full DevSecOps, mature SOC, threat modeling, red-teaming. Mature programs treat this as a measured, recertified, and audit-evidenced control rather than a one-time configuration. The Safeguard maps to NIST SP 800-53 Rev. 5 SC-7 (Boundary Protection), AC-4 (Information Flow), and AU-2 (Audit Events), and to NIST CSF 2.0 PR.IR (Tech Infra Resilience) and DE.CM (Continuous Monitoring).