
IR-4 Incident Handling

PBMM (P2)
Secret (P2)
Operational

Control Description

(A) The organization implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery. (B) The organization coordinates incident handling activities with contingency planning activities. (C) The organization incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing/exercises, and implements the resulting changes accordingly.

Supplemental Guidance

Organizations recognize that incident response capability is dependent on the capabilities of organizational information systems and the mission/business processes being supported by those systems. Therefore, organizations consider incident response as part of the definition, design, and development of mission/business processes and information systems. Incident-related information can be obtained from a variety of sources including, for example, audit monitoring, network monitoring, physical access monitoring, user/administrator reports, and reported supply chain events.

Effective incident handling capability includes coordination among many organizational entities including, for example, mission/business owners, information system owners, authorizing officials, human resources offices, physical and personnel security offices, legal departments, operations personnel, procurement offices, and the risk executive (function).

Related controls: AU-6, CM-6, CP-2, CP-4, IR-2, IR-3, IR-8, PE-6, SC-5, SC-7, SI-3, SI-4, SI-7.
