IR - INCIDENT RESPONSE
IR-4: INCIDENT HANDLING
Security handling capability for security incidents are implemented. Incident handling activities are coordinated with contingency planning activities. Lessons learned from ongoing incident handling activities are incorporated into incident response procedures, training, and testing.
IR-1: INCIDENT RESPONSE POLICY AND PROCEDURES
General overview control.
IR-3: INCIDENT RESPONSE TESTING
Incident capabilities are actively tested at a certain frequency using certain tests.
IR-8: INCIDENT RESPONSE PLAN
Incident response plan is developed and implemented. Lots of other small requirements in this control.
IR-6: INCIDENT REPORTING
Organization requires employees to report suspected security incidents to organization incident response capability within a certain period of time. Security incident info is reported to a certain authority.
IR-3(2): COORDINATION WITH RELATED PLANS
The organization coordinates incident response testing with organizational elements responsible for related plans.
IR-6(1): AUTOMATED REPORTING
The organization employs automated mechanisms to assist in the reporting of security incidents.
IR-7(1): AUTOMATED SUPPORT FOR AVAILABILITY OF INFORMATION / SUPPORT
The organization employs automated mechanisms to increase the availability of incident response-related information and support.
IR-4(1): AUTOMATED INCIDENT HANDLING PROCESSES
The organization employs automated mechanisms to support the incident handling process.
IR-2: INCIDENT RESPONSE TRAINING
The organization implements incident response training to info system users consistent with assigned roles and responsibilities.
IR-7: INCIDENT RESPONSE ASSISTANCE
The organization provides an incident response support resource, integral to the organizational incident response capability that offers advice and assistance to users of the information system for the handling and reporting of security incidents.
IR-5: INCIDENT MONITORING
The organization tracks and documents information system security incidents.