
IR.L2-3.6.1 Incident Handling

Control Description

Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your incident response policy and program governance?
  • How is your incident response team structured and who leads it?
  • What is your process for classifying and prioritizing incidents?
  • How often do you review and update your incident response procedures?
  • What authorities and resources does your incident response team have?

Technical Implementation:

  • What incident response tools and platforms do you use (SIEM, SOAR)?
  • What technical capabilities support incident detection?
  • What forensic tools support incident analysis?
  • What technologies enable incident containment?
  • What systems support incident tracking and case management?
  • What communication tools support incident response?

Evidence & Documentation:

  • What incident response plan and procedures can you provide?
  • What incident tracking records demonstrate incident handling?
  • What incident reports show incidents were properly documented?
  • What incident response test documentation shows capability testing?
  • What evidence shows incident response team training?
  • What notification records show required reporting occurred?
