
💼 IR-4 INCIDENT HANDLING

  • Contextual name: 💼 IR-4 INCIDENT HANDLING
  • ID: /frameworks/nist-sp-800-53-r4/ir/04
  • Located in: 💼 IR INCIDENT RESPONSE

Description

The organization:

  • IR-4a. Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery;
  • IR-4b. Coordinates incident handling activities with contingency planning activities; and
  • IR-4c. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly.

Similar

  • Internal
    • ID: dec-c-2652716b

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.AE-2: Detected events are analyzed to understand attack targets and methods 1922
💼 NIST CSF v1.1 → 💼 DE.AE-3: Event data are collected and correlated from multiple sources and sensors 1922
💼 NIST CSF v1.1 → 💼 DE.AE-4: Impact of events is determined 1414
💼 NIST CSF v1.1 → 💼 DE.AE-5: Incident alert thresholds are established
💼 NIST CSF v1.1 → 💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers 11
💼 NIST CSF v1.1 → 💼 RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
💼 NIST CSF v1.1 → 💼 RC.IM-1: Recovery plans incorporate lessons learned
💼 NIST CSF v1.1 → 💼 RC.IM-2: Recovery strategies are updated
💼 NIST CSF v1.1 → 💼 RC.RP-1: Recovery plan is executed during or after a cybersecurity incident
💼 NIST CSF v1.1 → 💼 RS.AN-1: Notifications from detection systems are investigated 1922
💼 NIST CSF v1.1 → 💼 RS.AN-2: The impact of the incident is understood
💼 NIST CSF v1.1 → 💼 RS.AN-3: Forensics are performed
💼 NIST CSF v1.1 → 💼 RS.AN-4: Incidents are categorized consistent with response plans
💼 NIST CSF v1.1 → 💼 RS.CO-3: Information is shared consistent with response plans 1617
💼 NIST CSF v1.1 → 💼 RS.CO-4: Coordination with stakeholders occurs consistent with response plans
💼 NIST CSF v1.1 → 💼 RS.IM-1: Response plans incorporate lessons learned
💼 NIST CSF v1.1 → 💼 RS.IM-2: Response strategies are updated
💼 NIST CSF v1.1 → 💼 RS.MI-1: Incidents are contained 77
💼 NIST CSF v1.1 → 💼 RS.MI-2: Incidents are mitigated 77
💼 NIST CSF v1.1 → 💼 RS.RP-1: Response plan is executed during or after an incident

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 IR-4 (1) AUTOMATED INCIDENT HANDLING PROCESSES
💼 IR-4 (2) DYNAMIC RECONFIGURATION
💼 IR-4 (3) CONTINUITY OF OPERATIONS
💼 IR-4 (4) INFORMATION CORRELATION
💼 IR-4 (5) AUTOMATIC DISABLING OF INFORMATION SYSTEM
💼 IR-4 (6) INSIDER THREATS - SPECIFIC CAPABILITIES
💼 IR-4 (7) INSIDER THREATS - INTRA-ORGANIZATION COORDINATION
💼 IR-4 (8) CORRELATION WITH EXTERNAL ORGANIZATIONS
💼 IR-4 (9) DYNAMIC RESPONSE CAPABILITY
💼 IR-4 (10) SUPPLY CHAIN COORDINATION