compliance controls are associated with this Policy definition 'Protect incident response plan' (2401b496-7f23-79b2-9f80-89bb5abf3d4a)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
IR-8 |
FedRAMP_High_R4_IR-8 |
FedRAMP High IR-8 |
Incident Response |
Incident Response Plan |
Shared |
n/a |
The organization:
a. Develops an incident response plan that:
1. Provides the organization with a roadmap for implementing its incident response capability;
2. Describes the structure and organization of the incident response capability;
3. Provides a high-level approach for how the incident response capability fits into the overall organization;
4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
5. Defines reportable incidents;
6. Provides metrics for measuring the incident response capability within the organization;
7. Defines the resources and management support needed to effectively maintain and mature an incident response capability; and
8. Is reviewed and approved by [Assignment: organization-defined personnel or roles];
b. Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];
c. Reviews the incident response plan [Assignment: organization-defined frequency];
d. Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing;
e. Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and
f. Protects the incident response plan from unauthorized disclosure and modification.
Supplemental Guidance: It is important that organizations develop and implement a coordinated approach to incident response. Organizational missions, business functions, strategies, goals, and objectives for incident response help to determine the structure of incident response capabilities. As part of a comprehensive incident response capability, organizations consider the coordination and sharing of information with external organizations, including, for example, external service providers and organizations involved in the supply chain for organizational information systems. Related controls: MP-2, MP-4, MP-5.
Control Enhancements: None.
References: NIST Special Publication 800-61. |
link |
6 |
| FedRAMP_Moderate_R4 |
IR-8 |
FedRAMP_Moderate_R4_IR-8 |
FedRAMP Moderate IR-8 |
Incident Response |
Incident Response Plan |
Shared |
n/a |
The organization:
a. Develops an incident response plan that:
1. Provides the organization with a roadmap for implementing its incident response capability;
2. Describes the structure and organization of the incident response capability;
3. Provides a high-level approach for how the incident response capability fits into the overall organization;
4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
5. Defines reportable incidents;
6. Provides metrics for measuring the incident response capability within the organization;
7. Defines the resources and management support needed to effectively maintain and mature an incident response capability; and
8. Is reviewed and approved by [Assignment: organization-defined personnel or roles];
b. Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];
c. Reviews the incident response plan [Assignment: organization-defined frequency];
d. Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing;
e. Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and
f. Protects the incident response plan from unauthorized disclosure and modification.
Supplemental Guidance: It is important that organizations develop and implement a coordinated approach to incident response. Organizational missions, business functions, strategies, goals, and objectives for incident response help to determine the structure of incident response capabilities. As part of a comprehensive incident response capability, organizations consider the coordination and sharing of information with external organizations, including, for example, external service providers and organizations involved in the supply chain for organizational information systems. Related controls: MP-2, MP-4, MP-5.
Control Enhancements: None.
References: NIST Special Publication 800-61. |
link |
6 |
| hipaa |
1505.11a1Organizational.13-11.a |
hipaa-1505.11a1Organizational.13-11.a |
1505.11a1Organizational.13-11.a |
15 Incident Management |
1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses |
Shared |
n/a |
A formal security incident response program has been established to respond, report (without fear of repercussion), escalate and treat breaches and reported security events or incidents. Organization-wide standards are specified for the time required for system administrators and other personnel to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification. This reporting includes notifying internal and external stakeholders, the appropriate community Computer Emergency Response Team, and law enforcement agencies in accordance with all legal or regulatory requirements for involving such organizations in computer incidents. |
|
19 |
| hipaa |
1509.11a2Organizational.236-11.a |
hipaa-1509.11a2Organizational.236-11.a |
1509.11a2Organizational.236-11.a |
15 Incident Management |
1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses |
Shared |
n/a |
The incident management program formally defines information security incidents and the phases of incident response; roles and responsibilities; incident handling, reporting and communication processes; third-party relationships and the handling of third-party breaches; and the supporting forensics program. The organization formally assigns job titles and duties for handling computer and network security incidents to specific individuals and identifies management personnel who will support the incident handling process by acting in key decision-making roles. |
|
17 |
| hipaa |
1510.11a2Organizational.47-11.a |
hipaa-1510.11a2Organizational.47-11.a |
1510.11a2Organizational.47-11.a |
15 Incident Management |
1510.11a2Organizational.47-11.a 11.01 Reporting Information Security Incidents and Weaknesses |
Shared |
n/a |
Reports and communications are made without unreasonable delay and no later than 60 days after the discovery of an incident, unless otherwise stated by law enforcement orally or in writing, and include the necessary elements. |
|
11 |
| hipaa |
1516.11c1Organizational.12-11.c |
hipaa-1516.11c1Organizational.12-11.c |
1516.11c1Organizational.12-11.c |
15 Incident Management |
1516.11c1Organizational.12-11.c 11.02 Management of Information Security Incidents and Improvements |
Shared |
n/a |
The security incident response program accounts for and prepares the organization for a variety of incidents. |
|
10 |
| hipaa |
1517.11c1Organizational.3-11.c |
hipaa-1517.11c1Organizational.3-11.c |
1517.11c1Organizational.3-11.c |
15 Incident Management |
1517.11c1Organizational.3-11.c 11.02 Management of Information Security Incidents and Improvements |
Shared |
n/a |
There is a point of contact who is responsible for coordinating incident responses and has the authority to direct actions required in all phases of the incident response process. |
|
6 |
| hipaa |
1520.11c2Organizational.4-11.c |
hipaa-1520.11c2Organizational.4-11.c |
1520.11c2Organizational.4-11.c |
15 Incident Management |
1520.11c2Organizational.4-11.c 11.02 Management of Information Security Incidents and Improvements |
Shared |
n/a |
The incident response plan is communicated to the appropriate individuals throughout the organization. |
|
8 |
| hipaa |
1560.11d1Organizational.1-11.d |
hipaa-1560.11d1Organizational.1-11.d |
1560.11d1Organizational.1-11.d |
15 Incident Management |
1560.11d1Organizational.1-11.d 11.02 Management of Information Security Incidents and Improvements |
Shared |
n/a |
The information gained from the evaluation of information security incidents is used to identify recurring or high-impact incidents, and update the incident response and recovery strategy. |
|
8 |
| hipaa |
1587.11c2Organizational.10-11.c |
hipaa-1587.11c2Organizational.10-11.c |
1587.11c2Organizational.10-11.c |
15 Incident Management |
1587.11c2Organizational.10-11.c 11.02 Management of Information Security Incidents and Improvements |
Shared |
n/a |
The incident management plan is reviewed and updated annually. |
|
9 |
| ISO27001-2013 |
A.16.1.1 |
ISO27001-2013_A.16.1.1 |
ISO 27001:2013 A.16.1.1 |
Information Security Incident Management |
Responsibilities and procedures |
Shared |
n/a |
Management responsibilities and procedures shall be established to ensure a quick, effective and orderly response to information security incidents. |
link |
7 |
| NIST_SP_800-53_R4 |
IR-8 |
NIST_SP_800-53_R4_IR-8 |
NIST SP 800-53 Rev. 4 IR-8 |
Incident Response |
Incident Response Plan |
Shared |
n/a |
The organization:
a. Develops an incident response plan that:
1. Provides the organization with a roadmap for implementing its incident response capability;
2. Describes the structure and organization of the incident response capability;
3. Provides a high-level approach for how the incident response capability fits into the overall organization;
4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
5. Defines reportable incidents;
6. Provides metrics for measuring the incident response capability within the organization;
7. Defines the resources and management support needed to effectively maintain and mature an incident response capability; and
8. Is reviewed and approved by [Assignment: organization-defined personnel or roles];
b. Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];
c. Reviews the incident response plan [Assignment: organization-defined frequency];
d. Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing;
e. Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and
f. Protects the incident response plan from unauthorized disclosure and modification.
Supplemental Guidance: It is important that organizations develop and implement a coordinated approach to incident response. Organizational missions, business functions, strategies, goals, and objectives for incident response help to determine the structure of incident response capabilities. As part of a comprehensive incident response capability, organizations consider the coordination and sharing of information with external organizations, including, for example, external service providers and organizations involved in the supply chain for organizational information systems. Related controls: MP-2, MP-4, MP-5.
Control Enhancements: None.
References: NIST Special Publication 800-61. |
link |
6 |
| NIST_SP_800-53_R5 |
IR-8 |
NIST_SP_800-53_R5_IR-8 |
NIST SP 800-53 Rev. 5 IR-8 |
Incident Response |
Incident Response Plan |
Shared |
n/a |
a. Develop an incident response plan that:
1. Provides the organization with a roadmap for implementing its incident response capability;
2. Describes the structure and organization of the incident response capability;
3. Provides a high-level approach for how the incident response capability fits into the overall organization;
4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
5. Defines reportable incidents;
6. Provides metrics for measuring the incident response capability within the organization;
7. Defines the resources and management support needed to effectively maintain and mature an incident response capability;
8. Addresses the sharing of incident information;
9. Is reviewed and approved by [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]; and
10. Explicitly designates responsibility for incident response to [Assignment: organization-defined entities, personnel, or roles].
b. Distribute copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];
c. Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing;
d. Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and
e. Protect the incident response plan from unauthorized disclosure and modification. |
link |
6 |
|
op.exp.7 Incident management |
op.exp.7 Incident management |
404 not found |
|
|
|
n/a |
n/a |
|
103 |
|
org.2 Security regulations |
org.2 Security regulations |
404 not found |
|
|
|
n/a |
n/a |
|
100 |
| PCI_DSS_v4.0 |
12.10.2 |
PCI_DSS_v4.0_12.10.2 |
PCI DSS v4.0 12.10.2 |
Requirement 12: Support Information Security with Organizational Policies and Programs |
Suspected and confirmed security incidents that could impact the CDE are responded to immediately |
Shared |
n/a |
At least once every 12 months, the security incident response plan is:
• Reviewed and the content is updated as needed.
• Tested, including all elements listed in Requirement 12.10.1. |
link |
6 |
| SWIFT_CSCF_v2022 |
11.2 |
SWIFT_CSCF_v2022_11.2 |
SWIFT CSCF v2022 11.2 |
11. Monitor in case of Major Disaster |
Ensure a consistent and effective approach for the management of incidents (Problem Management). |
Shared |
n/a |
Ensure a consistent and effective approach for the management of incidents (Problem Management). |
link |
20 |