Description
The organization tracks and documents information system security incidents on an ongoing basis.\n
Supplemental Guidance
None.\n
Changes from Rev 4
Control text eliminates ‘information system security' incidents Discussion adds reference to IR-4
Enhancements
(1) The organization employs automated mechanisms to assist in the tracking of security incidents and in the collection and analysis of incident information.\n
Compliance Mappings
ISO 27002:2022
5.25
CIS Controls v8
17.217.6
NIST CSF 2.0
DE.AE-06RC.RP-06RSRS.AN-06RS.CO
SOC 2 TSC
CC2.2-POF6CC2.3-POF8CC7.3-POF2CC7.4CC7.4-POF6CC7.4-POF9
ISO 17799 (legacy)
None.
COBIT 4.1 (legacy)
DS8.2DS8.4