Focused Observation

Focused Observation definition in Computer Security terms:

Acronym(s): None

Definition(s): The act of directed (focused) attention to a party or parties alleged to have violated Department/Agency (D/A) acceptable use’ policies and agreements for NSS. The alleged violation may be caused by the aggregation of triggers indicating anomalous activity on a National Security System (NSS). The violation thresholds are arrived at by trigger events that meet established thresholds of anomalous activity or the observed violation of ‘acceptable use’ policies.
Source(s): CNSSI 4009-2015 (CNSSD No. 504)

Synonym(s): None


reference: CSRC Glossary