💼 FedRAMP High Security Controls → 💼 IR-4 Incident Handling (L)(M)(H) | 5 | | | |
💼 FedRAMP Low Security Controls → 💼 IR-4 Incident Handling (L)(M)(H) | | | | |
💼 NIST CSF v2.0 → 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities | | | 26 | |
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources | | | 26 | |
💼 NIST CSF v2.0 → 💼 DE.AE-06: Information on adverse events is provided to authorized staff and tools | | | 33 | |
💼 NIST CSF v2.0 → 💼 DE.AE-08: Incidents are declared when adverse events meet the defined incident criteria | | | | |
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations | | | 10 | |
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties | | | 23 | |
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities | | | 24 | |
💼 NIST CSF v2.0 → 💼 RC.CO-03: Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders | | | | |
💼 NIST CSF v2.0 → 💼 RC.CO-04: Public updates on incident recovery are shared using approved methods and messaging | | | 23 | |
💼 NIST CSF v2.0 → 💼 RC.RP-01: The recovery portion of the incident response plan is executed once initiated from the incident response process | | | 2 | |
💼 NIST CSF v2.0 → 💼 RC.RP-02: Recovery actions are selected, scoped, prioritized, and performed | | | 2 | |
💼 NIST CSF v2.0 → 💼 RC.RP-06: The end of incident recovery is declared based on criteria, and incident-related documentation is completed | | | | |
💼 NIST CSF v2.0 → 💼 RS.AN-03: Analysis is performed to establish what has taken place during an incident and the root cause of the incident | | | | |
💼 NIST CSF v2.0 → 💼 RS.AN-06: Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved | | | | |
💼 NIST CSF v2.0 → 💼 RS.AN-07: Incident data and metadata are collected, and their integrity and provenance are preserved | | | | |
💼 NIST CSF v2.0 → 💼 RS.AN-08: An incident's magnitude is estimated and validated | | | | |
💼 NIST CSF v2.0 → 💼 RS.CO-02: Internal and external stakeholders are notified of incidents | | | 30 | |
💼 NIST CSF v2.0 → 💼 RS.CO-03: Information is shared with designated internal and external stakeholders | | | 17 | |
💼 NIST CSF v2.0 → 💼 RS.MA-02: Incident reports are triaged and validated | | | 22 | |
💼 NIST CSF v2.0 → 💼 RS.MA-03: Incidents are categorized and prioritized | | | | |
💼 NIST CSF v2.0 → 💼 RS.MA-04: Incidents are escalated or elevated as needed | | | | |
💼 NIST CSF v2.0 → 💼 RS.MA-05: The criteria for initiating incident recovery are applied | | | | |
💼 NIST CSF v2.0 → 💼 RS.MI-01: Incidents are contained | | | 7 | |
💼 NIST CSF v2.0 → 💼 RS.MI-02: Incidents are eradicated | | | 7 | |