Description
The organization trains personnel in their incident response roles and responsibilities with respect to the information system and provides refresher training [Assignment: organization-defined frequency, at least annually].
Supplemental Guidance
None.
Changes from Rev 4
Adds 'or acquiring system access' to text. New text requires reviewing and updating incident response training content at a specified frequency and following specified events. Discussion includes examples of events that may precipitate an update to incident response training content.
Compliance Mappings
ISO 27001:2022
A.5.24
ISO 27002:2022
5.24
COBIT 2019
DSS02
CIS Controls v8
CIS 14.6, CIS 17, CIS 17.1, CIS 17.5
NIST CSF 2.0
PR.AT-02
PCI DSS v4.0.1
12.10
CSA CCM v4
DCS-11, SEF-03
CSA AICM v1
DCS-11, SEF-03
ISO 42001:2023
A.8.4
NIS2 Directive
Art. 21(2)(b)
ANSSI
Hygiene.35, Hygiene.4, SecNumCloud.17.1
FINMA Circular 2023/1
IV.A(41), IV.A(42), IV.C(70), IV.D(71)
OSFI B-13
B-13.2.5, B-13.3.4
EU GDPR
Art.33(2), Art.39(1)(b)
EU DORA
Art.13(6), Art.17(3)(d)
BIO2
5.24
RBI CSF
Annex1.19, Annex1.23, ITGRCA.27
FISC Security Guidelines
FISC.O4
LGPD + BCB 4893
BCB.Art.5
HKMA TM-E-1
TME1.7.5
DNB Good Practice
DNB.15.1
SAMA CSF
3.6
NCA ECC
2-13
UAE IA
T11
CBB TM
TM-13
Qatar NIA
IM
CBUAE
CR-9
CBE CSF
CD-2
SA JS2
JS2-7.4
CBN CSF
Part3.6
BoG CISD
CISD-VII
POPIA
s22
BoM CTRM
5.1
IOSCO Cyber Resilience
RR-1
CPMI-IOSCO PFMI
CG.RR, PFMI.P17
FFIEC IS
III.D
NYDFS 500
500.16
HIPAA Security Rule
§164.308(a)(6)(i)
ECB CROE
CROE.2.5.1
EBA ICT Guidelines
3.5(d)
SEBI CSCRF
RS.MA
BOT Cyber Resilience
Ch4.1
CMMC 2.0
IR
NERC CIP
CIP-008-6
10 CFR 73.54
RG5.71-B-CP
DOE C2M2 v2.1
RESPONSE
API 1164
Sec 10
AWIA
Sec 2013(b), AWWA Sec 6
IAEA NSS 17-T
Sec 7
TIBER-EU
TIBER.BT
Solvency II
EIOPA-ICT-4.9
Lloyd's Minimum Standards
CRM.3, MS8.5
NAIC Insurance Data Security
4F-a
HITRUST CSF v11
11.a
FDA Cybersecurity Guidance
INC-1
ISO 27799
16.1
NHS DSPT
NDG-6.1
BSSC Standards
GSP-05
SEC Custody (Digital Assets)
SEC-CD-11
ISO 17799 (legacy)
13.1.1
COBIT 4.1 (legacy)
None.