← Controls / IR

IR-07 Incident Response Assistance

Incident Response

Low Moderate High Privacy

Description

The organization provides an incident response support resource that offers advice and assistance to users of the information system for the handling and reporting of security incidents. The support resource is an integral part of the organization’s incident response capability.

Supplemental Guidance

Possible implementations of incident response support resources in an organization include a help desk or an assistance group and access to forensics services, when required.

Changes from Rev 4

Control text more general as ‘incidents’ versus ‘security incidents’

Enhancements

(1) The organization employs automated mechanisms to increase the availability of incident response- related information and support.

Compliance Mappings

ISO 27001:2022

7.4A.5.26A.6.8

ISO 27002:2022

5.245.266.8

COBIT 2019

DSS02

CIS Controls v8

CIS 17CIS 17.2CIS 17.6

NIST CSF 2.0

GV.RM-05RC.CO-03RC.CO-04RS.CO-02RS.MA-01RS.MA-04

PCI DSS v4.0.1

12.10

CSA CCM v4

SEF-07

CSA AICM v1

SEF-07

ISO 42001:2023

A.8.4

NIS2 Directive

Art. 21(2)(b)Art. 23

PRA Operational Resilience

SS1/21-8.1

ANSSI

Hygiene.40Hygiene.42SecNumCloud.17.1

FINMA Circular 2023/1

IV.A(41)IV.C(70)IV.D(71)

OSFI B-13

B-13.2.5B-13.3.4

EU GDPR

Art.33(1)Art.34(1)Art.34(2)

EU DORA

Art.11(7)Art.14Art.17(3)(d)Art.22(1)

BIO2

5.245.266.8

RBI CSF

Annex1.19ITGRCA.27

FISC Security Guidelines

FISC.O4

LGPD + BCB 4893

BCB.Art.5BCB.Art.7LGPD.Art.48

HKMA TM-E-1

TME1.5.4TME1.7.5

EU CRA

CRA.II.6

SAMA CSF

3.6

NCA ECC

2-13

UAE IA

T11

CBB TM

TM-13

Qatar NIA

IM

CBUAE

CR-9

CBE CSF

CD-2

SA JS2

JS2-7.4

CBN CSF

Part3.6

BoG CISD

CISD-VII

POPIA

s22

BoM CTRM

5.1

IOSCO Cyber Resilience

RR-1RR-4

CPMI-IOSCO PFMI

CG.RR

FFIEC IS

III.D

NYDFS 500

500.16

HIPAA Security Rule

§164.308(a)(6)(i)§164.308(a)(6)(ii)

ECB CROE

CROE.2.5.1CROE.2.5.3

EBA ICT Guidelines

3.5(d)3.7.53.8(d)

SEBI CSCRF

RS.MA

BOT Cyber Resilience

Ch4.1

CMMC 2.0

IR

TIBER-EU

TIBER.BT

ISAE 3402

Clause 10

Solvency II

EIOPA-ICT-4.9

Lloyd's Minimum Standards

MS8.5

NAIC Insurance Data Security

4F-a

HITRUST CSF v11

11.a

FDA Cybersecurity Guidance

524B-3CVD-1INC-1

ISO 27799

16.1

NHS DSPT

NDG-6.1

MiCA

Art.64(1)Art.62(8)

Basel SCO60

SCO60.73

SEC Custody (Digital Assets)

SEC-CD-11

ISO 17799 (legacy)

14.1.3

COBIT 4.1 (legacy)

DS8.1