Incident Response
Requirement to detect, respond to, and recover from security incidents with defined procedures and communication plans.
What Counts
- Documented incident response procedures
- Defined escalation paths and responsibilities
- Post-incident review and lessons learned
- Notification requirements and timelines
What Does Not Count
- Ad-hoc responses without documentation
- Plans that exist but are never tested or exercised
Implementing Frameworks
| Framework | Scope | Status | Provisions |
|---|---|---|---|
| NIST Cybersecurity Framework | Federal | active | 1 |