
💼 IR-8 INCIDENT RESPONSE PLAN

  • Contextual name: 💼 IR-8 INCIDENT RESPONSE PLAN
  • ID: /frameworks/nist-sp-800-53-r4/ir/08
  • Located in: 💼 IR INCIDENT RESPONSE

Description

The organization:

  • IR-8a. Develops an incident response plan that:
    • IR-8a.1. Provides the organization with a roadmap for implementing its incident response capability;
    • IR-8a.2. Describes the structure and organization of the incident response capability;
    • IR-8a.3. Provides a high-level approach for how the incident response capability fits into the overall organization;
    • IR-8a.4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
    • IR-8a.5. Defines reportable incidents;
    • IR-8a.6. Provides metrics for measuring the incident response capability within the organization;
    • IR-8a.7. Defines the resources and management support needed to effectively maintain and mature an incident response capability; and
    • IR-8a.8. Is reviewed and approved by [Assignment: organization-defined personnel or roles];
  • IR-8b. Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];
  • IR-8c. Reviews the incident response plan [Assignment: organization-defined frequency];
  • IR-8d. Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing;
  • IR-8e. Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and
  • IR-8f. Protects the incident response plan from unauthorized disclosure and modification.

Similar

  • Internal
    • ID: dec-c-cf6355ed

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.AE-3: Event data are collected and correlated from multiple sources and sensors 1922
💼 NIST CSF v1.1 → 💼 DE.AE-5: Incident alert thresholds are established
💼 NIST CSF v1.1 → 💼 ID.SC-5: Response and recovery planning and testing are conducted with suppliers and third-party providers 11
💼 NIST CSF v1.1 → 💼 PR.IP-7: Protection processes are improved 2
💼 NIST CSF v1.1 → 💼 PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed 33
💼 NIST CSF v1.1 → 💼 RC.IM-1: Recovery plans incorporate lessons learned
💼 NIST CSF v1.1 → 💼 RC.IM-2: Recovery strategies are updated
💼 NIST CSF v1.1 → 💼 RC.RP-1: Recovery plan is executed during or after a cybersecurity incident
💼 NIST CSF v1.1 → 💼 RS.AN-4: Incidents are categorized consistent with response plans
💼 NIST CSF v1.1 → 💼 RS.CO-1: Personnel know their roles and order of operations when a response is needed
💼 NIST CSF v1.1 → 💼 RS.CO-2: Incidents are reported consistent with established criteria 2023
💼 NIST CSF v1.1 → 💼 RS.CO-3: Information is shared consistent with response plans 1617
💼 NIST CSF v1.1 → 💼 RS.CO-4: Coordination with stakeholders occurs consistent with response plans
💼 NIST CSF v1.1 → 💼 RS.IM-1: Response plans incorporate lessons learned
💼 NIST CSF v1.1 → 💼 RS.IM-2: Response strategies are updated
💼 NIST CSF v1.1 → 💼 RS.RP-1: Response plan is executed during or after an incident

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags