myctrl.tools
Compare

IR-3Incident Response Testing

MODERATE
HIGH
PRIVACY

>Control Description

Test the effectiveness of the incident response capability for the system organization-defined frequency using the following tests: organization-defined tests.

>Control Enhancements(3)

IR-3(1)
IR-3(2)
IR-3(3)

>Cross-Framework Mappings

SCF

IRO-06
Compare

>Programmatic Queries

Beta

Related Services

AWS Fault Injection Service
Amazon GuardDuty
AWS Systems Manager

CLI Commands

List FIS experiment templates
aws fis list-experiment-templates
Start a fault injection experiment
aws fis start-experiment --experiment-template-id TEMPLATE_ID
Generate GuardDuty sample findings for testing
aws guardduty create-sample-findings --detector-id DETECTOR_ID --finding-types '["Recon:EC2/PortProbeUnprotectedPort"]'
List completed FIS experiments
aws fis list-experiments --query 'experiments[?state.status==`completed`]'
Open AWS ConsoleDocumentation

>Supplemental Guidance

Organizations test incident response capabilities to determine their effectiveness and identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, and simulations (parallel or full interrupt). Incident response testing can include a determination of the effects on organizational operations and assets and individuals due to incident response.

The use of qualitative and quantitative data aids in determining the effectiveness of incident response processes.

>Related Controls

CP-3
CP-4
IR-2
IR-4
IR-8
PM-14

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of IR-3 (Incident Response Testing)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring IR-3?
  • How frequently is the IR-3 policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures IR-3 requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce IR-3 requirements.
  • What automated tools, systems, or technologies are deployed to implement IR-3?
  • How is IR-3 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce IR-3 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of IR-3?
  • What audit logs, records, reports, or monitoring data validate IR-3 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of IR-3 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate IR-3 compliance?

Ask AI

Configure your API key to use AI features.