
💼 IR-8 Incident Response Plan

  • Contextual name: 💼 IR-8 Incident Response Plan
  • ID: /frameworks/nist-sp-800-53-r5/ir/08
  • Located in: 💼 IR Incident Response

Description

a. Develop an incident response plan that:

  1. Provides the organization with a roadmap for implementing its incident response capability;
  2. Describes the structure and organization of the incident response capability;
  3. Provides a high-level approach for how the incident response capability fits into the overall organization;
  4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
  5. Defines reportable incidents;
  6. Provides metrics for measuring the incident response capability within the organization;
  7. Defines the resources and management support needed to effectively maintain and mature an incident response capability;
  8. Addresses the sharing of incident information;
  9. Is reviewed and approved by [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]; and
  10. Explicitly designates responsibility for incident response to [Assignment: organization-defined entities, personnel, or roles].

b. Distribute copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];

c. Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing;

d. Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and

e. Protect the incident response plan from unauthorized disclosure and modification.

Similar

  • Internal
    • ID: dec-c-bda5a0d8

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 IR-8 Incident Response Plan (L)(M)(H)
💼 FedRAMP Low Security Controls → 💼 IR-8 Incident Response Plan (L)(M)(H)
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources 26
💼 NIST CSF v2.0 → 💼 DE.AE-08: Incidents are declared when adverse events meet the defined incident criteria
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations 10
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties 23
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities 24
💼 NIST CSF v2.0 → 💼 ID.IM-04: Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved 3
💼 NIST CSF v2.0 → 💼 RC.RP-01: The recovery portion of the incident response plan is executed once initiated from the incident response process 2
💼 NIST CSF v2.0 → 💼 RC.RP-02: Recovery actions are selected, scoped, prioritized, and performed 2
💼 NIST CSF v2.0 → 💼 RC.RP-04: Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms
💼 NIST CSF v2.0 → 💼 RC.RP-06: The end of incident recovery is declared based on criteria, and incident-related documentation is completed
💼 NIST CSF v2.0 → 💼 RS.MA-01: The incident response plan is executed in coordination with relevant third parties once an incident is declared
💼 NIST CSF v2.0 → 💼 RS.MA-05: The criteria for initiating incident recovery are applied

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 IR-8(1) Incident Response Plan _ Breaches