💼 RS.CO-03: Information is shared with designated internal and external stakeholders

• Contextual name: 💼 RS.CO-03: Information is shared with designated internal and external stakeholders
• ID: /frameworks/nist-csf-v2.0/rs-co/03
• Located in: 💼 Incident Response Reporting and Communication (RS.CO)

Description

1. Securely share information consistent with response plans and information sharing agreements
2. Voluntarily share information about an attacker's observed TTPs, with all sensitive data removed, with an Information Sharing and Analysis Center (ISAC)
3. Notify HR when malicious insider activity occurs
4. Regularly update senior leadership on the status of major incidents
5. Follow the rules and protocols defined in contracts for incident information sharing between the organization and its suppliers
6. Coordinate crisis communication methods between the organization and its critical suppliers

Similar

• Sections
  • /frameworks/nist-csf-v1.1/rs-co/03
  • /frameworks/nist-csf-v1.1/rs-co/05
  • /frameworks/nist-sp-800-53-r5/ir/04
  • /frameworks/nist-sp-800-53-r5/ir/06
  • /frameworks/nist-sp-800-53-r5/ir/07
  • /frameworks/nist-sp-800-53-r5/sr/03
  • /frameworks/nist-sp-800-53-r5/sr/08

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 RS.CO-3: Information is shared consistent with response plans		16	17
💼 NIST CSF v1.1 → 💼 RS.CO-5: Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling	15
💼 NIST SP 800-53 Revision 5 → 💼 IR-6 Incident Reporting	3
💼 NIST SP 800-53 Revision 5 → 💼 IR-7 Incident Response Assistance	2
💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes	3
💼 NIST SP 800-53 Revision 5 → 💼 SR-8 Notification Agreements

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (17)

Policy	Logic Count	Flags
📝 AWS Account IAM Access Analyzer is not enabled for all regions 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Network Security Group does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Security Solution does not exist 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For App Services is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For Containers is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For Key Vault is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For Servers is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Microsoft Defender For Storage is not set to On 🟢	1	🟢 x6
📝 Azure Subscription Security Alert Notifications additional email address is not configured 🟢	1	🟢 x6
📝 Azure Subscription Security Alert Notifications to subscription owners are not configured 🟢	1	🟢 x6
📝 Microsoft Defender For Cloud Integration With Microsoft Defender For Cloud Apps is not enabled 🟢	1	🟢 x6