compliance controls are associated with this Policy definition 'Identify classes of Incidents and Actions taken' (23d1a569-2d1e-7f43-9e22-1f94115b7dd5)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
IR-4(3) |
FedRAMP_High_R4_IR-4(3) |
FedRAMP High IR-4 (3) |
Incident Response |
Continuity Of Operations |
Shared |
n/a |
The organization identifies [Assignment: organization-defined classes of incidents] and [Assignment: organization-defined actions to take in response to classes of incidents] to ensure continuation of organizational missions and business functions.
Supplemental Guidance: Classes of incidents include, for example, malfunctions due to design/implementation errors and omissions, targeted malicious attacks, and untargeted malicious attacks. Appropriate incident response actions include, for example, graceful degradation, information system shutdown, fall back to manual mode/alternative technology whereby the system operates differently, employing deceptive measures, alternate information flows, or operating in a mode that is reserved solely for when systems are under attack. |
link |
1 |
| hipaa |
1505.11a1Organizational.13-11.a |
hipaa-1505.11a1Organizational.13-11.a |
1505.11a1Organizational.13-11.a |
15 Incident Management |
1505.11a1Organizational.13-11.a 11.01 Reporting Information Security Incidents and Weaknesses |
Shared |
n/a |
A formal security incident response program has been established to respond, report (without fear of repercussion), escalate and treat breaches and reported security events or incidents. Organization-wide standards are specified for the time required for system administrators and other personnel to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification. This reporting includes notifying internal and external stakeholders, the appropriate community Computer Emergency Response Team, and law enforcement agencies in accordance with all legal or regulatory requirements for involving such organizations in computer incidents. |
|
19 |
| hipaa |
1509.11a2Organizational.236-11.a |
hipaa-1509.11a2Organizational.236-11.a |
1509.11a2Organizational.236-11.a |
15 Incident Management |
1509.11a2Organizational.236-11.a 11.01 Reporting Information Security Incidents and Weaknesses |
Shared |
n/a |
The incident management program formally defines information security incidents and the phases of incident response; roles and responsibilities; incident handling, reporting and communication processes; third-party relationships and the handling of third-party breaches; and the supporting forensics program. The organization formally assigns job titles and duties for handling computer and network security incidents to specific individuals and identifies management personnel who will support the incident handling process by acting in key decision-making roles. |
|
17 |
| hipaa |
1515.11a3Organizational.3-11.a |
hipaa-1515.11a3Organizational.3-11.a |
1515.11a3Organizational.3-11.a |
15 Incident Management |
1515.11a3Organizational.3-11.a 11.01 Reporting Information Security Incidents and Weaknesses |
Shared |
n/a |
Incidents (or a sample of incidents) are reviewed to identify necessary improvement to the security controls. |
|
11 |
| hipaa |
1521.11c2Organizational.56-11.c |
hipaa-1521.11c2Organizational.56-11.c |
1521.11c2Organizational.56-11.c |
15 Incident Management |
1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements |
Shared |
n/a |
Testing exercises are planned, coordinated, executed, and documented periodically, at least annually, using reviews, analyses, and simulations to determine incident response effectiveness. Testing includes personnel associated with the incident handling team to ensure that they understand current threats and risks, as well as their responsibilities in supporting the incident handling team. |
|
16 |
| hipaa |
1562.11d2Organizational.2-11.d |
hipaa-1562.11d2Organizational.2-11.d |
1562.11d2Organizational.2-11.d |
15 Incident Management |
1562.11d2Organizational.2-11.d 11.02 Management of Information Security Incidents and Improvements |
Shared |
n/a |
The organization coordinates incident handling activities with contingency planning activities. |
|
12 |
| NIST_SP_800-53_R4 |
IR-4(3) |
NIST_SP_800-53_R4_IR-4(3) |
NIST SP 800-53 Rev. 4 IR-4 (3) |
Incident Response |
Continuity Of Operations |
Shared |
n/a |
The organization identifies [Assignment: organization-defined classes of incidents] and [Assignment: organization-defined actions to take in response to classes of incidents] to ensure continuation of organizational missions and business functions.
Supplemental Guidance: Classes of incidents include, for example, malfunctions due to design/implementation errors and omissions, targeted malicious attacks, and untargeted malicious attacks. Appropriate incident response actions include, for example, graceful degradation, information system shutdown, fall back to manual mode/alternative technology whereby the system operates differently, employing deceptive measures, alternate information flows, or operating in a mode that is reserved solely for when systems are under attack. |
link |
1 |
| NIST_SP_800-53_R5 |
IR-4(3) |
NIST_SP_800-53_R5_IR-4(3) |
NIST SP 800-53 Rev. 5 IR-4 (3) |
Incident Response |
Continuity of Operations |
Shared |
n/a |
Identify [Assignment: organization-defined classes of incidents] and take the following actions in response to those incidents to ensure continuation of organizational mission and business functions: [Assignment: organization-defined actions to take in response to classes of incidents]. |
link |
1 |
| SOC_2 |
CC7.4 |
SOC_2_CC7.4 |
SOC 2 Type 2 CC7.4 |
System Operations |
Security incidents response |
Shared |
The customer is responsible for implementing this recommendation. |
Assigns Roles and Responsibilities — Roles and responsibilities for the design, implementation, maintenance, and execution of the incident response program are assigned, including the use of external resources when necessary.
• Contains Security Incidents — Procedures are in place to contain security incidents
that actively threaten entity objectives.
• Mitigates Ongoing Security Incidents — Procedures are in place to mitigate the effects of ongoing security incidents.
• Ends Threats Posed by Security Incidents — Procedures are in place to end the
threats posed by security incidents through closure of the vulnerability, removal of
unauthorized access, and other remediation actions.
• Restores Operations — Procedures are in place to restore data and business operations to an interim state that permits the achievement of entity objectives.
• Develops and Implements Communication Protocols for Security Incidents — Protocols for communicating security incidents and actions taken to affected parties
are developed and implemented to meet the entity's objectives.
• Obtains Understanding of Nature of Incident and Determines Containment Strategy
— An understanding of the nature (for example, the method by which the incident
occurred and the affected system resources) and severity of the security incident is
obtained to determine the appropriate containment strategy, including (1) a determination of the appropriate response time frame, and (2) the determination and execution of the containment approach.
• Remediates Identified Vulnerabilities — Identified vulnerabilities are remediated
through the development and execution of remediation activities.
• Communicates Remediation Activities — Remediation activities are documented
and communicated in accordance with the incident-response program.
• Evaluates the Effectiveness of Incident Response — The design of incident-response
activities is evaluated for effectiveness on a periodic basis.
• Periodically Evaluates Incidents — Periodically, management reviews incidents related to security, availability, processing integrity, confidentiality, and privacy and
identifies the need for system changes based on incident patterns and root causes
Communicates Unauthorized Use and Disclosure — Events that resulted in unauthorized use or disclosure of personal information are communicated to the data
subjects, legal and regulatory authorities, and others as required.
• Application of Sanctions — The conduct of individuals and organizations operating
under the authority of the entity and involved in the unauthorized use or disclosure
of personal information is evaluated and, if appropriate, sanctioned in accordance with entity policies and legal and regulatory requirements |
|
17 |
| SWIFT_CSCF_v2022 |
11.2 |
SWIFT_CSCF_v2022_11.2 |
SWIFT CSCF v2022 11.2 |
11. Monitor in case of Major Disaster |
Ensure a consistent and effective approach for the management of incidents (Problem Management). |
Shared |
n/a |
Ensure a consistent and effective approach for the management of incidents (Problem Management). |
link |
20 |
| SWIFT_CSCF_v2022 |
7.1 |
SWIFT_CSCF_v2022_7.1 |
SWIFT CSCF v2022 7.1 |
7. Plan for Incident Response and Information Sharing |
Ensure a consistent and effective approach for the management of cyber incidents. |
Shared |
n/a |
The user has a defined and tested cyber-incident response plan. |
link |
8 |