💼 RS.MA-02: Incident reports are triaged and validated

• Contextual name: 💼 RS.MA-02: Incident reports are triaged and validated
• ID: /frameworks/nist-csf-v2.0/rs-ma/02
• Located in: 💼 Incident Management (RS.MA)

Description

1. Preliminarily review incident reports to confirm that they are cybersecurity-related and necessitate incident response activities
2. Apply criteria to estimate the severity of an incident

Similar

• Sections
  • /frameworks/nist-csf-v1.1/rs-an/01
  • /frameworks/nist-csf-v1.1/rs-an/02
  • /frameworks/nist-sp-800-53-r5/ir/04
  • /frameworks/nist-sp-800-53-r5/ir/05
  • /frameworks/nist-sp-800-53-r5/ir/06

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 RS.AN-1: Notifications from detection systems are investigated		18	23
💼 NIST CSF v1.1 → 💼 RS.AN-2: The impact of the incident is understood
💼 NIST SP 800-53 Revision 5 → 💼 IR-4 Incident Handling	15
💼 NIST SP 800-53 Revision 5 → 💼 IR-5 Incident Monitoring	1
💼 NIST SP 800-53 Revision 5 → 💼 IR-6 Incident Reporting	3		1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (24)

Policy	Logic Count	Flags
📝 AWS CloudTrail Log File Validation is not enabled 🟢	1	🟢 x6
📝 AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢	1	🟢 x6
📝 AWS KMS Symmetric CMK Rotation is not enabled 🟢	1	🟢 x6
📝 AWS S3 Bucket Server Access Logging is not enabled 🟢	1	🟢 x6
📝 AWS VPC Flow Logs are not enabled 🟢	1	🟠 x1, 🟢 x5
📝 Azure Diagnostic Setting for Azure Key Vault is not enabled 🟢		🟢 x3
📝 Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server log_connections Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure SQL Server Auditing is not enabled 🟢	1	🟢 x6
📝 Azure SQL Server Auditing Retention is less than 90 days 🟢	1	🟢 x6
📝 Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟢	1	🟢 x6
📝 Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Network Security Group does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Security Solution does not exist 🟢	1	🟢 x6
📝 Google Cloud Audit Logging is not configured properly 🟢	1	🟢 x6
📝 Google GCE Network DNS Policy Logging is not enabled 🟢	1	🟢 x6
📝 Google Organization Essential Contacts is not configured 🟢	1	🟢 x6