πΌ RS.MA-03: Incidents are categorized and prioritized
- Contextual name: πΌ RS.MA-03: Incidents are categorized and prioritized
- ID:
/frameworks/nist-csf-v2.0/rs-ma/03 - Located in: πΌ Incident Management (RS.MA)
Descriptionβ
- Further review and categorize incidents based on the type of incident (e.g., data breach, ransomware, DDoS, account compromise)
- Prioritize incidents based on their scope, likely impact, and time-critical nature
- Select incident response strategies for active incidents by balancing the need to quickly recover from an incident with the need to observe the attacker or conduct a more thorough investigation
Similarβ
- Sections
/frameworks/nist-csf-v1.1/rs-an/04/frameworks/nist-csf-v1.1/rs-an/02/frameworks/nist-sp-800-53-r5/ir/04/frameworks/nist-sp-800-53-r5/ir/05/frameworks/nist-sp-800-53-r5/ir/06
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ RS.AN-2: The impact of the incident is understood | ||||
| πΌ NIST CSF v1.1 β πΌ RS.AN-4: Incidents are categorized consistent with response plans | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ IR-4 Incident Handling | 15 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ IR-5 Incident Monitoring | 1 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ IR-6 Incident Reporting | 3 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|