>myctrl.tools
Preferences
Under active development Content is continuously updated and improved · Last updated Feb 18, 2026, 2:55 AM UTC
Compare

DE.AE-08Incidents are declared when adverse events meet the defined incident criteria

>Control Description

This adverse event analysis subcategory ensures that incidents are declared when adverse events meet the defined incident criteria. Key activities include: Apply incident criteria to known and assumed characteristics of activity in order to determine whether an incident should be declared; Take known false positives into account when applying incident criteria.

>Cross-Framework Mappings

NIST SP 800-53 r5

via NIST CSF 2.0 Concept Crosswalk
IR-04
Compare
IR-08
Compare

PCI DSS v4.0.1

via NIST OLIR Catalog
12.10.1
Compare
12.10.2
Compare
12.10.4
Compare

ISO 27001:2022

via NIST OLIR Catalog
5.25
Compare
5.26
Compare

SCF

IRO-02
Compare
IRO-02.4
Compare

>Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CCMv4.0

LOG-03
LOG-05
SEF-02
SEF-06
SEF-07

CRI Profile v2.0

DE.AE-08
DE.AE-08.01

CSF v1.1

DE.AE-5

ISO/IEC 27001:2022

Mandatory Clause: None
Annex A Controls: 5.25
Annex A Controls: 5.26

NICE Framework

IO-WRL-006
OG-WRL-007
OG-WRL-010
PD-WRL-001
PD-WRL-003
PD-WRL-006

PCI DSS

12.10.1
12.10.2
12.10.4

SCF

IRO-02
IRO-02.4

SP 800-171 Rev 3

03.06.05

SP 800-53 Rev 5.1.1

IR-04
IR-08

SP 800-53 Rev 5.2.0

IR-04
IR-08

Ask AI

Configure your API key to use AI features.