L2 Standard | Forward-looking

10.2 Anomaly Detection

10. Monitoring & Response: How do we detect and respond?

Description

Agent behavior anomalies MUST be detected and trigger alerts.

Rationale

Anomaly detection catches prompt injection and compromised agents that evade rule-based detection.

Audit Procedure

1. Check for behavioral monitoring
2. Verify baselines are established
3. Review alerting thresholds

Remediation

1. Establish behavioral baselines
2. Implement anomaly detection rules
3. Configure alerts for deviations
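
One way to carry out the three remediation steps over agent tool-call logs, as an added example that is not part of this control's text. The event format (agent, time window, tool), the agent and tool names, and the thresholds `k` and `min_std` are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample events: (agent_id, time_window, tool_name), one per tool call.
BASELINE_EVENTS = (
    [("support-bot", w, "search_kb") for w in range(5) for _ in range(4 + w % 2)]
    + [("support-bot", w, "send_reply") for w in range(5) for _ in range(2)]
)
LIVE_EVENTS = (
    [("support-bot", 5, "search_kb")] * 5 + [("support-bot", 5, "send_reply")] * 2
    + [("support-bot", 6, "search_kb")] * 4 + [("support-bot", 6, "http_fetch")]
    + [("support-bot", 7, "search_kb")] * 20
)

def build_baseline(events):
    """Step 1: per-agent set of known tools and calls-per-window statistics."""
    tools, per_window = defaultdict(set), defaultdict(Counter)
    for agent, window, tool in events:
        tools[agent].add(tool)
        per_window[agent][window] += 1
    return {a: {"tools": tools[a],
                "mean": mean(per_window[a].values()),
                "std": pstdev(per_window[a].values())}
            for a in tools}

def detect(baseline, events, k=3.0, min_std=1.0):
    """Steps 2 and 3: return de-duplicated alert tuples for deviations."""
    alerts, counts = [], Counter()
    def raise_alert(alert):
        if alert not in alerts:
            alerts.append(alert)
    for agent, window, tool in events:
        counts[(agent, window)] += 1
        profile = baseline.get(agent)
        if profile is None:
            raise_alert(("unknown_agent", agent, window, tool))
        elif tool not in profile["tools"]:
            # Rule 1: the agent used a tool it never used during the baseline period.
            raise_alert(("new_tool", agent, window, tool))
    for (agent, window), n in sorted(counts.items()):
        profile = baseline.get(agent)
        # Rule 2: call volume above mean + k * std; min_std avoids a zero-width band.
        if profile and n > profile["mean"] + k * max(profile["std"], min_std):
            raise_alert(("call_rate", agent, window, n))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_EVENTS), LIVE_EVENTS):
        print(alert)
```

For the audit procedure, the same structure gives three things to inspect: the stored baseline, the rule logic, and the threshold values that decide when an alert fires.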

Framework Mappings

CIS Control 13.1, NIST DE.AE-1, NIST DE.CM-7