// Level 3 · Controls

Incident Response

NIST SP 800-53 Rev 5 Incident Response controls.

IR-01Medium

Policy and Procedures

Develop, document, and disseminate to [parameter]:

IR-02Medium

Incident Response Training

Provide incident response training to system users consistent with assigned roles and responsibilities:

IR-03Medium

Incident Response Testing

Test the effectiveness of the incident response capability for the system [parameter] using the following tests: [parameter].

IR-04Medium

Incident Handling

Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery;

IR-05Medium

Incident Monitoring

Track and document incidents.

IR-06Medium

Incident Reporting

Require personnel to report suspected incidents to the organizational incident response capability within [parameter] ; and

IR-07Medium

Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents.

IR-08Medium

Incident Response Plan

Develop an incident response plan that:

IR-09Medium

Information Spillage Response

Respond to information spills by:

IR-10Medium