IR-08 Incident Response Plan

Family: Incident Response

Baselines: Low, Moderate, High

Description

a. Develop an incident response plan that:
   1. Provides the organization with a roadmap for implementing its incident response capability;
   2. Describes the structure and organization of the incident response capability;
   3. Provides a high-level approach for how the incident response capability fits into the overall organization;
   4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
   5. Defines reportable incidents;
   6. Provides metrics for measuring the incident response capability within the organization;
   7. Defines the resources and management support needed to effectively maintain and mature an incident response capability;
   8. Addresses the sharing of incident information;
   9. Is reviewed and approved by [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]; and
   10. Explicitly designates responsibility for incident response to [Assignment: organization-defined entities, personnel, or roles];
b. Distribute copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];
c. Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing;
d. Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and
e. Protect the incident response plan from unauthorized disclosure and modification.

Supplemental Guidance

It is important that organizations develop and implement a coordinated approach to incident response. Organizational mission and business functions determine the structure of incident response capabilities. As part of the incident response capability, organizations consider the coordination and sharing of information with external organizations, including external service providers.

Changes from Rev 4

No significant changes from Rev 4.

Compliance Mappings

Framework: mapped reference(s)

ISO 27001:2022: A.5.24
ISO 27002:2022: 5.24
COBIT 2019: DSS02
CIS Controls v8: CIS 17, CIS 17.3, CIS 17.4, CIS 17.9
NIST CSF 2.0: GV.SC-08, ID.IM-04, RS.MA-01
PCI DSS v4.0.1: 12.10
CSA CCM v4: SEF-01, SEF-03
CSA AICM v1: SEF-01, SEF-03
FINOS CCC: CCC-C15
NIS2 Directive: Art. 21(2)(b)
BSI IT-Grundschutz: DER.2.1
EU DORA: Art.17(1)
BIO2: 5.24
RBI CSF: Annex1.19, ITGRCA.27
FISC Security Guidelines: FISC.O4
LGPD + BCB 4893: BCB.Art.5, BCB.Art.5-Supp, BCB.Art.8, LGPD.Art.48
HKMA TM-E-1: TME1.5.4, TME1.7.5
MLPS 2.0: 8.1.10.10, 8.1.10.11
DNB Good Practice: DNB.15.1
EU CRA: CRA.Art14
SWIFT CSCF: SWIFT.7.1
SAMA CSF: 3.6
NCA ECC: 2-13
UAE IA: T11
CBB TM: TM-13
Qatar NIA: IM
CBUAE: CR-9
CBE CSF: CD-2
SA JS2: JS2-7.4
CBN CSF: Part3.6
BoG CISD: CISD-VII
POPIA: s22
BoM CTRM: 5.1
IOSCO Cyber Resilience: PFMI-17, RR-1, RR-5
BCBS 239: Principle 13
CPMI-IOSCO PFMI: CG.RR, PFMI.P17
FFIEC IS: III.D
NYDFS 500: 500.16
HIPAA Security Rule: §164.308(a)(6)(i)
ECB CROE: CROE.2.5.1
EBA ICT Guidelines: 3.5(d), 3.7.3
SEBI CSCRF: CCMP, RS.IM, RS.MA
BOT Cyber Resilience: Ch4.1
CMMC 2.0: IR
NERC CIP: CIP-008-6
DOE C2M2 v2.1: RESPONSE
API 1164: Sec 10
AWIA: Sec 2013(b), AWWA Sec 6
IAEA NSS 17-T: Sec 7
TIBER-EU: TIBER.BT
Solvency II: EIOPA-ICT-4.9
Lloyd's Minimum Standards: CRM.3, MS8.5
NAIC Insurance Data Security: 4F-a
HITRUST CSF v11: 11.a
FDA Cybersecurity Guidance: INC-1
ISO 27799: 16.1
NHS DSPT: NDG-6.1
CCSS v9.0: 1.06.1, 1.06.3, 1.06.4
MiCA: Art.64(1), Art.62(8)
Basel SCO60: SCO60.50, SCO60.73
BSSC Standards: GSP-05
SEC Custody (Digital Assets): SEC-CD-11