💼 IR-4 Incident Handling (L)(M)(H)
- Contextual name: 💼 IR-4 Incident Handling (L)(M)(H)
- ID: /frameworks/fedramp-high-security-controls/ir/04
- Located in: 💼 Incident Response
Description
a. Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery;
b. Coordinate incident handling activities with contingency planning activities;
c. Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implement the resulting changes accordingly; and
d. Ensure the rigor, intensity, scope, and results of incident handling activities are comparable and predictable across the organization.
IR-4 Additional FedRAMP Requirements and Guidance:
Requirement: The FISMA definition of "incident" shall be used: "An occurrence that actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies."
Requirement: The service provider ensures that individuals conducting incident handling meet personnel security requirements commensurate with the criticality/sensitivity of the information being processed, stored, and transmitted by the information system.
Similar
- Sections
/frameworks/nist-sp-800-53-r5/ir/04
- Internal
- ID:
dec-c-6292b4a0
- ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling | 15 |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 FedRAMP Low Security Controls → 💼 IR-4 Incident Handling (L)(M)(H) | ||||
💼 FedRAMP Moderate Security Controls → 💼 IR-4 Incident Handling (L)(M)(H) | 1 |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 IR-4(1) Automated Incident Handling Processes (M)(H) | ||||
💼 IR-4(2) Dynamic Reconfiguration (H) | ||||
💼 IR-4(4) Information Correlation (H) | ||||
💼 IR-4(6) Insider Threats (H) | ||||
💼 IR-4(11) Integrated Incident Response Team (H) |