Establish trust between the incident response team and the end user community during an incident.


CONTROL ID: 01217
CONTROL TYPE: Testing
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program. (CC ID: 00579)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (IR-7(2)(a), StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (IR-7(2)(a), StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (IR-7(2)(a), StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • (SP-3.4, Federal Information System Controls Audit Manual (FISCAM), February 2009)
  • Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (IR-7(2)(a) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (IR-7(2)(a) Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Establish a direct, cooperative relationship between its incident response capability and external providers of system protection capability; and (IR-7(2)(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Flow Down Controls)
  • Establish a direct, cooperative relationship between its incident response capability and external providers of system protection capability; and (IR-7(2)(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Incident Response (IR): Organizations must: (i) establish an operational incident handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities; and (ii) track, document, and report incidents to… (§ 3, FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006)
  • Organizational records and documents should be examined to ensure the organization offers users advice and assistance for handling and reporting security incidents, personnel are following the appropriate procedures, automated mechanisms are used for the incident response functions, and specific res… (IR-7, IR-7(1), IR-7.8, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals). (T0096, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • The organization should establish a direct, cooperative relationship between the external providers of system protection capability and the incident response capability. (App F § IR-7(2)(a), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals). (T0096, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • The organization establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability. (IR-7(2)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (IR-7(2)(a), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Establish a direct, cooperative relationship between its incident response capability and external providers of system protection capability; and (IR-7(2)(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Establish a direct, cooperative relationship between its incident response capability and external providers of system protection capability; and (IR-7(2)(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • An individual or a commercial entity that maintains computerized data that includes personal information that the individual or commercial entity does not own or license shall give notice to and cooperate with the owner or licensee of the information of any breach of the security of the system when … (§ 87-803(3), Nebraska Revised Statutes, Sections 87-801 thru 87-807, Data Protection and Consumer Notification of Data Security Breach Act of 2006)
  • Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and (IR-7(2)(a), TX-RAMP Security Controls Baseline Level 2)