Skip to main content

💼 IR-4 INCIDENT HANDLING

  • Contextual name: 💼 IR-4 INCIDENT HANDLING
  • ID: /frameworks/nist-sp-800-53-r4/ir/04
  • Located in: 💼 IR INCIDENT RESPONSE

Description​

The organization: IR-4a. Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery; IR-4b. Coordinates incident handling activities with contingency planning activities; and IR-4c. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly.

Similar​

  • Internal
    • ID: dec-c-2652716b

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v1.1 → 💼 DE.AE-2: Detected events are analyzed to understand attack targets and methods1823
💼 NIST CSF v1.1 → 💼 DE.AE-3: Event data are collected and correlated from multiple sources and sensors1837
💼 NIST CSF v1.1 → 💼 DE.AE-4: Impact of events is determined1313
💼 NIST CSF v1.1 → 💼 DE.AE-5: Incident alert thresholds are established
💼 NIST CSF v1.1 → 💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers11
💼 NIST CSF v1.1 → 💼 RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
💼 NIST CSF v1.1 → 💼 RC.IM-1: Recovery plans incorporate lessons learned
💼 NIST CSF v1.1 → 💼 RC.IM-2: Recovery strategies are updated
💼 NIST CSF v1.1 → 💼 RC.RP-1: Recovery plan is executed during or after a cybersecurity incident
💼 NIST CSF v1.1 → 💼 RS.AN-1: Notifications from detection systems are investigated1823
💼 NIST CSF v1.1 → 💼 RS.AN-2: The impact of the incident is understood
💼 NIST CSF v1.1 → 💼 RS.AN-3: Forensics are performed1
💼 NIST CSF v1.1 → 💼 RS.AN-4: Incidents are categorized consistent with response plans
💼 NIST CSF v1.1 → 💼 RS.CO-3: Information is shared consistent with response plans1617
💼 NIST CSF v1.1 → 💼 RS.CO-4: Coordination with stakeholders occurs consistent with response plans
💼 NIST CSF v1.1 → 💼 RS.IM-1: Response plans incorporate lessons learned
💼 NIST CSF v1.1 → 💼 RS.IM-2: Response strategies are updated
💼 NIST CSF v1.1 → 💼 RS.MI-1: Incidents are contained77
💼 NIST CSF v1.1 → 💼 RS.MI-2: Incidents are mitigated77
💼 NIST CSF v1.1 → 💼 RS.RP-1: Response plan is executed during or after an incident

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
💼 IR-4 (1) AUTOMATED INCIDENT HANDLING PROCESSES
💼 IR-4 (2) DYNAMIC RECONFIGURATION
💼 IR-4 (3) CONTINUITY OF OPERATIONS
💼 IR-4 (4) INFORMATION CORRELATION
💼 IR-4 (5) AUTOMATIC DISABLING OF INFORMATION SYSTEM
💼 IR-4 (6) INSIDER THREATS - SPECIFIC CAPABILITIES
💼 IR-4 (7) INSIDER THREATS - INTRA-ORGANIZATION COORDINATION
💼 IR-4 (8) CORRELATION WITH EXTERNAL ORGANIZATIONS
💼 IR-4 (9) DYNAMIC RESPONSE CAPABILITY
💼 IR-4 (10) SUPPLY CHAIN COORDINATION