| πΌ IR-1 Policy and Procedures | | | | |
| πΌ IR-2 Incident Response Training | 3 | | | |
| πΌ IR-2(1) Incident Response Training _ Simulated Events | | | | |
| πΌ IR-2(2) Incident Response Training _ Automated Training Environments | | | | |
| πΌ IR-2(3) Incident Response Training _ Breach | | | | |
| πΌ IR-3 Incident Response Testing | 3 | | | |
| πΌ IR-3(1) Incident Response Testing _ Automated Testing | | | | |
| πΌ IR-3(2) Incident Response Testing _ Coordination with Related Plans | | | | |
| πΌ IR-3(3) Incident Response Testing _ Continuous Improvement | | | | |
| πΌ IR-4 Incident Handling | 15 | | | |
| πΌ IR-4(1) Incident Handling _ Automated Incident Handling Processes | | | | |
| πΌ IR-4(2) Incident Handling _ Dynamic Reconfiguration | | | | |
| πΌ IR-4(3) Incident Handling _ Continuity of Operations | | | | |
| πΌ IR-4(4) Incident Handling _ Information Correlation | | | | |
| πΌ IR-4(5) Incident Handling _ Automatic Disabling of System | | | | |
| πΌ IR-4(6) Incident Handling _ Insider Threats | | | | |
| πΌ IR-4(7) Incident Handling _ Insider Threats β Intra-organization Coordination | | | | |
| πΌ IR-4(8) Incident Handling _ Correlation with External Organizations | | | | |
| πΌ IR-4(9) Incident Handling _ Dynamic Response Capability | | | | |
| πΌ IR-4(10) Incident Handling _ Supply Chain Coordination | | | | |
| πΌ IR-4(11) Incident Handling _ Integrated Incident Response Team | | | | |
| πΌ IR-4(12) Incident Handling _ Malicious Code and Forensic Analysis | | | | |
| πΌ IR-4(13) Incident Handling _ Behavior Analysis | | | | |
| πΌ IR-4(14) Incident Handling _ Security Operations Center | | | | |
| πΌ IR-4(15) Incident Handling _ Public Relations and Reputation Repair | | | | |
| πΌ IR-5 Incident Monitoring | 1 | | | |
| πΌ IR-5(1) Incident Monitoring _ Automated Tracking, Data Collection, and Analysis | | | | |
| πΌ IR-6 Incident Reporting | 3 | | | |
| πΌ IR-6(1) Incident Reporting _ Automated Reporting | | | | |
| πΌ IR-6(2) Incident Reporting _ Vulnerabilities Related to Incidents | | | | |
| πΌ IR-6(3) Incident Reporting _ Supply Chain Coordination | | | | |
| πΌ IR-7 Incident Response Assistance | 2 | | | |
| πΌ IR-7(1) Incident Response Assistance _ Automation Support for Availability of Information and Support | | | | |
| πΌ IR-7(2) Incident Response Assistance _ Coordination with External Providers | | | | |
| πΌ IR-8 Incident Response Plan | 1 | | | |
| πΌ IR-8(1) Incident Response Plan _ Breaches | | | | |
| πΌ IR-9 Information Spillage Response | 4 | | | |
| πΌ IR-9(1) Information Spillage Response _ Responsible Personnel | | | | |
| πΌ IR-9(2) Information Spillage Response _ Training | | | | |
| πΌ IR-9(3) Information Spillage Response _ Post-spill Operations | | | | |
| πΌ IR-9(4) Information Spillage Response _ Exposure to Unauthorized Personnel | | | | |
| πΌ IR-10 Integrated Information Security Analysis Team | | | | |