πΌ RS.AN-06: Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved
- Contextual name: πΌ RS.AN-06: Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved
- ID:
/frameworks/nist-csf-v2.0/rs-an/06 - Located in: πΌ Incident Analysis (RS.AN)
Descriptionβ
- Require each incident responder and others (e.g., system administrators, cybersecurity engineers) who perform incident response tasks to record their actions and make the record immutable
- Require the incident lead to document the incident in detail and be responsible for preserving the integrity of the documentation and the sources of all information being reported
Similarβ
- Sections
/frameworks/nist-csf-v1.1/rs-an/03/frameworks/nist-sp-800-53-r5/au/07/frameworks/nist-sp-800-53-r5/ir/04/frameworks/nist-sp-800-53-r5/ir/06
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ RS.AN-3: Forensics are performed | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ AU-7 Audit Record Reduction and Report Generation | 2 | 1 | 1 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ IR-4 Incident Handling | 15 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ IR-6 Incident Reporting | 3 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|