💼 IR-4 INCIDENT HANDLING

• ID: /frameworks/nist-sp-800-53-r4/ir/04

Description

The organization: IR-4a. Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery; IR-4b. Coordinates incident handling activities with contingency planning activities; and IR-4c. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly.

Similar

• Internal
  • ID: dec-c-2652716b

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v1.1 → 💼 DE.AE-2: Detected events are analyzed to understand attack targets and methods		18	24		no data
💼 NIST CSF v1.1 → 💼 DE.AE-3: Event data are collected and correlated from multiple sources and sensors		18	38		no data
💼 NIST CSF v1.1 → 💼 DE.AE-4: Impact of events is determined		13	14		no data
💼 NIST CSF v1.1 → 💼 DE.AE-5: Incident alert thresholds are established					no data
💼 NIST CSF v1.1 → 💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers		1	1		no data
💼 NIST CSF v1.1 → 💼 RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams					no data
💼 NIST CSF v1.1 → 💼 RC.IM-1: Recovery plans incorporate lessons learned					no data
💼 NIST CSF v1.1 → 💼 RC.IM-2: Recovery strategies are updated					no data
💼 NIST CSF v1.1 → 💼 RC.RP-1: Recovery plan is executed during or after a cybersecurity incident					no data
💼 NIST CSF v1.1 → 💼 RS.AN-1: Notifications from detection systems are investigated		18	24		no data
💼 NIST CSF v1.1 → 💼 RS.AN-2: The impact of the incident is understood					no data
💼 NIST CSF v1.1 → 💼 RS.AN-3: Forensics are performed			1		no data
💼 NIST CSF v1.1 → 💼 RS.AN-4: Incidents are categorized consistent with response plans					no data
💼 NIST CSF v1.1 → 💼 RS.CO-3: Information is shared consistent with response plans		16	18		no data
💼 NIST CSF v1.1 → 💼 RS.CO-4: Coordination with stakeholders occurs consistent with response plans					no data
💼 NIST CSF v1.1 → 💼 RS.IM-1: Response plans incorporate lessons learned					no data
💼 NIST CSF v1.1 → 💼 RS.IM-2: Response strategies are updated					no data
💼 NIST CSF v1.1 → 💼 RS.MI-1: Incidents are contained		7	7		no data
💼 NIST CSF v1.1 → 💼 RS.MI-2: Incidents are mitigated		7	7		no data
💼 NIST CSF v1.1 → 💼 RS.RP-1: Response plan is executed during or after an incident					no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 IR-4 (1) AUTOMATED INCIDENT HANDLING PROCESSES					no data
💼 IR-4 (2) DYNAMIC RECONFIGURATION					no data
💼 IR-4 (3) CONTINUITY OF OPERATIONS					no data
💼 IR-4 (4) INFORMATION CORRELATION					no data
💼 IR-4 (5) AUTOMATIC DISABLING OF INFORMATION SYSTEM					no data
💼 IR-4 (6) INSIDER THREATS - SPECIFIC CAPABILITIES					no data
💼 IR-4 (7) INSIDER THREATS - INTRA-ORGANIZATION COORDINATION					no data
💼 IR-4 (8) CORRELATION WITH EXTERNAL ORGANIZATIONS					no data
💼 IR-4 (9) DYNAMIC RESPONSE CAPABILITY					no data
💼 IR-4 (10) SUPPLY CHAIN COORDINATION					no data