>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IR-3Incident Response Testing

IL4 Mod
IL4 High
IL5
IL6

>Control Description

Test the effectiveness of the incident response capability for the system organization-defined frequency using the following tests: organization-defined tests.

>DoD Impact Level Requirements

FedRAMP Parameter Values

IR-3-1 [at least every six (6) months, including functional at least annually]

Additional Requirements and Guidance

IR-3-2 Requirement: The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). Functional testing must occur prior to testing for initial authorization. Annual functional testing may be concurrent with required penetration tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing.

>Discussion

Organizations test incident response capabilities to determine their effectiveness and identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, and simulations (parallel or full interrupt). Incident response testing can include a determination of the effects on organizational operations and assets and individuals due to incident response.

The use of qualitative and quantitative data aids in determining the effectiveness of incident response processes.

>Programmatic Queries

Beta

Related Services

AWS Fault Injection Service
Amazon GuardDuty
AWS Systems Manager

CLI Commands

List FIS experiment templates
aws fis list-experiment-templates
Start a fault injection experiment
aws fis start-experiment --experiment-template-id TEMPLATE_ID
Generate GuardDuty sample findings for testing
aws guardduty create-sample-findings --detector-id DETECTOR_ID --finding-types '["Recon:EC2/PortProbeUnprotectedPort"]'
List completed FIS experiments
aws fis list-experiments --query 'experiments[?state.status==`completed`]'
Open AWS ConsoleDocumentation

>Related Controls

CP-3
CP-4
IR-2
IR-4
IR-8
PM-14

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of IR-3 (Incident Response Testing)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring IR-3?
  • How frequently is the IR-3 policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures IR-3 requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce IR-3 requirements.
  • What automated tools, systems, or technologies are deployed to implement IR-3?
  • How is IR-3 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce IR-3 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of IR-3?
  • What audit logs, records, reports, or monitoring data validate IR-3 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of IR-3 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate IR-3 compliance?

Ask AI

Configure your API key to use AI features.