5.3 KiB
| implementation-status | control-origination | |||||
|---|---|---|---|---|---|---|
|
|
ir-8 - [catalog] Incident Response Plan
Control Statement
-
[a] Develop an incident response plan that:
- [1] Provides the organization with a roadmap for implementing its incident response capability;
- [2] Describes the structure and organization of the incident response capability;
- [3] Provides a high-level approach for how the incident response capability fits into the overall organization;
- [4] Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
- [5] Defines reportable incidents;
- [6] Provides metrics for measuring the incident response capability within the organization;
- [7] Defines the resources and management support needed to effectively maintain and mature an incident response capability;
- [8] Addresses the sharing of incident information;
- [9] Is reviewed and approved by personnel or roles frequency ; and
- [10] Explicitly designates responsibility for incident response to entities, personnel, or roles.
-
[b] Distribute copies of the incident response plan to incident response personnel;
-
[c] Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing;
-
[d] Communicate incident response plan changes to organization-defined incident response personnel (identified by name and/or by role) and organizational elements ; and
-
[e] Protect the incident response plan from unauthorized disclosure and modification.
Control guidance
It is important that organizations develop and implement a coordinated approach to incident response. Organizational mission and business functions determine the structure of incident response capabilities. As part of the incident response capabilities, organizations consider the coordination and sharing of information with external organizations, including external service providers and other organizations involved in the supply chain. For incidents involving personally identifiable information (i.e., breaches), include a process to determine whether notice to oversight organizations or affected individuals is appropriate and provide that notice accordingly.
Control assessment-objective
an incident response plan is developed that provides the organization with a roadmap for implementing its incident response capability; an incident response plan is developed that describes the structure and organization of the incident response capability; an incident response plan is developed that provides a high-level approach for how the incident response capability fits into the overall organization; an incident response plan is developed that meets the unique requirements of the organization with regard to mission, size, structure, and functions; an incident response plan is developed that defines reportable incidents; an incident response plan is developed that provides metrics for measuring the incident response capability within the organization; an incident response plan is developed that defines the resources and management support needed to effectively maintain and mature an incident response capability; an incident response plan is developed that addresses the sharing of incident information; an incident response plan is developed that is reviewed and approved by personnel or roles frequency; an incident response plan is developed that explicitly designates responsibility for incident response to entities, personnel, or roles. copies of the incident response plan are distributed to incident response personnel; copies of the incident response plan are distributed to organizational elements; the incident response plan is updated to address system and organizational changes or problems encountered during plan implementation, execution, or testing; incident response plan changes are communicated to incident response personnel; incident response plan changes are communicated to organizational elements; the incident response plan is protected from unauthorized disclosure; the incident response plan is protected from unauthorized modification.
What is the solution and how is it implemented?
Implementation a.
Add control implementation description here for item ir-8_smt.a
Implementation b.
Add control implementation description here for item ir-8_smt.b
Implementation c.
Add control implementation description here for item ir-8_smt.c
Implementation d.
Add control implementation description here for item ir-8_smt.d
Implementation e.
Add control implementation description here for item ir-8_smt.e