Procedural and operational measures that use system capabilities to maximize the ability of an organization to detect successful system compromises by an adversary and to limit the effects of such compromises (both detected and undetected).
Sources:
NIST SP 800-172
NIST SP 800-172A