This activity puts in place prescribed security controls and procedures throughout all aspects of IT, both in terms of the IT organization and by activating the security protections within IT solutions and services.

Applying the mechanisms involves the full range of education and training, installing new systems, and testing to make sure that security controls and procedures work properly.

This activity actuates and monitors the full range of security measures and capabilities, responding to service or resource access authorization requests in addition to noting security violations and initiating incidents when necessary.

Real-time intrusion detection sensing and immediate responses are an important part of the function of this activity.