πΌ RS.AN-03: Analysis is performed to establish what has taken place during an incident and the root cause of the incident
- Contextual name: πΌ RS.AN-03: Analysis is performed to establish what has taken place during an incident and the root cause of the incident
- ID:
/frameworks/nist-csf-v2.0/rs-an/03 - Located in: πΌ Incident Analysis (RS.AN)
Descriptionβ
- Determine the sequence of events that occurred during the incident and which assets and resources were involved in each event
- Attempt to determine what vulnerabilities, threats, and threat actors were directly or indirectly involved in the incident
- Analyze the incident to find the underlying, systemic root causes
- Check any cyber deception technology for additional information on attacker behavior
Similarβ
- Sections
/frameworks/nist-csf-v1.1/rs-an/03/frameworks/nist-sp-800-53-r5/au/07/frameworks/nist-sp-800-53-r5/ir/04
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ RS.AN-3: Forensics are performed | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ AU-7 Audit Record Reduction and Report Generation | 2 | 1 | 1 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ IR-4 Incident Handling | 15 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|