> ## Documentation Index
> Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt
> Use this file to discover all available pages before exploring further.

# NIST CSF Control DE.CM-7: Monitoring for Unauthorized Personnel, Connections, Devices, and Software is Performed

|                       |           |                  |             |             |
| --------------------- | --------- | ---------------- | ----------- | ----------- |
| **Role Availability** | Read-Only | **Investigator** | **Analyst** | **Manager** |

**Security Continuous Monitoring (DE.CM)**: The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures. Unauthorized access to accounts will partially satisfy this control.

**Associated Frameworks**: NIST SP 800-53 Rev. 4 AU-12, CA-7, CM-3, CM-8, PE-3, PE-6, PE-20, SI-4

This report provides information on any unauthorized access, connection, or software logged in the USM Anywhere platform.

**Filters used by NIST CSF Control DE.CM-7: Monitoring for Unauthorized Personnel, Connections, Devices, and Software Is Performed**

| Filter     | Value                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Event Name | "Admin login failed", "An account failed to log on", "An account failed to log on.", "Login - Login Failure", "Login failed", "Multiple Windows Logon Failures", "Multiple failed logins", "Secure Shell: LOGINFAIL", Syslog connection failed", "USER\_Login: Failed", "User login failed", "UserLoginFailed", "Windows DC Logon Failure", "event: LoginFailed", "load balancer: SSH Login failed", "Account locked out", "Account locked-out", "A logon was attempted using explicit credentials", "Admin - Change Password On Next Login", "Admin login", "Attempt to login using a non-existent user", "Login attempt", "UNSUCCESSFUL\_LOGIN", "USER\_LOGIN", "USER\_LOGINx", "User Logon", "User login", "load balancer: SSH login accepted", "A logon was attempted using explicit credentials.", "PAM authentication failure", "Authentication failure", "PAM X more authentication failures", "authentication failure", "SSH connection: Failed password", "FAILED su", "ANOM\_LOGIN\_FAILURES" |
| Suppressed | False                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |

**To generate the NIST CSF Control DE.CM-7 report**

1. Go to **Reports > Compliance Templates**.
2. On the left navigation pane, click **NIST CSF**.
3. Click **Generate Report** on the specific line for this report. The **Configure Report** dialog box appears.
4. Click **Edit Filters** if you want to modify the selected filters, and then click **Continue to Filters**.
5. Make the required modifications, and then click **Edit Report**.
6. Click the date field if you want to choose a different date range. Select **Last Hour**, **Last 24 Hours**, **Last 7 Days**, **Last 30 Days**, **Last 90 Days**, or **Custom Range** to set a particular date range.

   <Frame>
     <img src="https://mintcdn.com/levelblue-5324744e/58jWJ18C3bcpNz-l/images/usm-anywhere/datepicker.webp?fit=max&auto=format&n=58jWJ18C3bcpNz-l&q=85&s=754e4ed5350ec313fb184c52f50a6d84" alt="" width="200" height="204" data-path="images/usm-anywhere/datepicker.webp" />
   </Frame>
7. Select the **Format** of the report. It can either be **CSV** or **PDF**.
8. Select a **Schedule** for the report if you want to generate it again: **Daily**, **Weekly**, **Bi-weekly**, and **Monthly**. Otherwise, select **Never**.
9. Enter an email address in which to send the report. You may also select the **Send to my Email Address** option to add your email address automatically.
10. Select the **Enable link expiration** option.

    <Note>
      This link is delivered by email and expires in 14 days.
    </Note>
11. Click **Next**.
12. In the **Report Name** field, enter a name for the report. This name will be displayed on the **Saved Reports** page.
13. **(OPTIONAL)** Enter a **Report Description**.
14. Under the **Number of Records** section, select the maximum number of records to include in the report: **20**, **50**, **100**, **500**, **1000**, or **2500**.
15. If you have previously chosen the **PDF** format, you will see the **Graphs** section, which you can use to include additional views. You can add to or remove graphs from the report by clicking the  <img src="https://mintcdn.com/levelblue-5324744e/h05grHs2-GuNWffi/images/usm-anywhere/arrow-right.svg?fit=max&auto=format&n=h05grHs2-GuNWffi&q=85&s=3db5770e085275538949814d89b983b9" className="inline" width="20" height="20" data-path="images/usm-anywhere/arrow-right.svg" /> and <img src="https://mintcdn.com/levelblue-5324744e/yWllrh2N4cA-lI7S/images/usm-central/arrow-left.svg?fit=max&auto=format&n=yWllrh2N4cA-lI7S&q=85&s=8f4b65fc211f85dc8cd76980562ac066" className="inline" width="20" height="20" data-path="images/usm-central/arrow-left.svg" /> icons.
16. Click **Run** to run the report.

    <Tip>
      Click **Save & Run** if you wish to keep the report in your [Saved Reports on USM Anywhere](/documentation/usm-anywhere/user-guide/reports/saved-reports) page and receive the report in the indicated email.
    </Tip>