ID.IM-04—Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved
>Control Description
This improvement subcategory ensures that incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved. Key activities include: Establish contingency plans (e; Include contact and communication information, processes for handling common scenarios, and criteria for prioritization, escalation, and elevation ...; Create a vulnerability management plan to identify and assess all types of vulnerabilities and to prioritize, test, and implement risk responses.
>Cross-Framework Mappings
>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
BCR-01
BCR-04
BCR-05
BCR-09
CEK-20
SEF-01
SEF-02
SEF-03
+2 more
CRI Profile v2.0
ID.IM-04
ID.IM-04.01
ID.IM-04.02
ID.IM-04.03
ID.IM-04.04
ID.IM-04.05
ID.IM-04.06
ID.IM-04.07
+1 more
CSF v1.1
PR.IP-9
RS.IM-1
RC.IM-1
PR.IP-10
ISO/IEC 27001:2022
Mandatory Clause: 9.1
Annex A Controls: 5.24
Annex A Controls: 5.26
Annex A Controls: 5.27
NICE Framework
DD-WRL-004
DD-WRL-006
DD-WRL-007
OG-WRL-010
OG-WRL-016
PD-WRL-003
PCI DSS
12.10.1
12.10.2
12.10.6
12.10.3
SCF
BCD-01
BCD-06
IRO-04
IRO-04.2
SP 800-171 Rev 3
03.06.05
03.15.02
03.17.01
SP 800-221A
MA.RR-4
MA.IM-1
SP 800-53 Rev 5.1.1
CP-02
IR-08
PL-02
SR-02
SP 800-53 Rev 5.2.0
CP-02
IR-08
PL-02
SR-02
Ask AI
Configure your API key to use AI features.