RS.CO-02—Internal and external stakeholders are notified of incidents
>Control Description
This incident response reporting and communication subcategory ensures that internal and external stakeholders are notified of incidents. Key activities include: Follow the organization’s breach notification procedures after discovering a data breach incident, including notifying affected customers; Notify business partners and customers of incidents in accordance with contractual requirements; Notify law enforcement agencies and regulatory bodies of incidents based on criteria in the incident response plan and management approval.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
DSP-18
SEF-02
SEF-07
SEF-08
CIS Controls v8.0
17.2
CIS Controls v8.1
17.2
CRI Profile v2.0
RS.CO-02
RS.CO-02.01
RS.CO-02.02
RS.CO-02.03
CSF v1.1
RS.CO-2
RS.CO-3
ISO/IEC 27001:2022
Mandatory Clause: 7.4
Annex A Controls: 5.26
NICE Framework
OG-WRL-006
OG-WRL-007
OG-WRL-008
OG-WRL-010
OG-WRL-015
PD-WRL-003
PCI DSS
12.10.1
12.10.3
12.8.2
12.8.5
SCF
IRO-02
IRO-10
IRO-10.4
SP 800-171 Rev 3
03.06.01
03.06.02
03.17.03
SP 800-53 Rev 5.1.1
IR-04
IR-06
IR-07
SR-03
SR-08
SP 800-53 Rev 5.2.0
IR-04
IR-06
IR-07
SR-03
SR-08
Ask AI
Configure your API key to use AI features.