Include business continuity procedures in the Incident Response program.
CONTROL ID
06433
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program., CC ID: 00579

This Control has the following implementation support Control(s):
  • Coordinate backup procedures as defined in the system continuity plan with backup procedures necessary for incident response procedures., CC ID: 06432
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
  • system contingency measures or a reference to such details if they are located in a separate document. (Security Control: 0043; Revision: 3; Bullet 8, Australian Government Information Security Manual)
  • how capabilities can be maintained during a denial of service (Security Control: 1019; Revision: 7; Bullet 3, Australian Government Information Security Manual)
  • In APRA's view, a regulated entity would benefit from clear linkages between information security response plans and business continuity processes, including crisis management, continuity plans and recovery plans. This could involve integration with third party and related party plans and processes. (77., APRA Prudential Practice Guide CPG 234 Information Security, June 2019)
  • Policies and instructions with technical and organisational safeguards are documented, communicated and provided according to SA-01 in order to ensure a fast, effective and proper response to all known security incidents. On the part of the cloud provider, at least the roles listed in OIS-03 must be… (Section 5.13 SIM-01 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • Verify the incident response plan includes procedures for business recovery and continuity. (§ 12.9.1.a Bullet 3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • The incident response plan must include business recovery and continuity procedures. (PCI DSS Requirements § 12.10.1 Bullet 3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Create the incident response plan to be implemented in the event of system breach. Ensure the plan addresses the following, at a minimum: - Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum - Spec… (12.10.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
  • Create the incident response plan to be implemented in the event of system breach. Ensure the plan addresses the following, at a minimum: - Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum - Spec… (12.10.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Create the incident response plan to be implemented in the event of system breach. Ensure the plan addresses the following, at a minimum: - Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum - Spec… (12.10.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • Does the plan address the following, at a minimum: - Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum? - Specific incident response procedures? - Business recovery and continuity procedures? - Da… (12.10.1 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Business recovery and continuity procedures? (12.10.1(b)(3), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
  • Business recovery and continuity procedures? (12.10.1 (b)(3), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
  • Business recovery and continuity procedures? (12.10.1(b)(3), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.2)
  • Does the plan address the following, at a minimum: - Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum? - Specific incident response procedures? - Business recovery and continuity procedures? - … (12.10.1 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Does the plan address the following, at a minimum: - Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum? - Specific incident response procedures? - Business recovery and continuity procedures? - … (12.10.1(b)(3), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
  • Business recovery and continuity procedures? (12.10.1 (b) Bullet 3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Business recovery and continuity procedures? (12.10.1(b)(3), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Verify that the incident response plan includes: - Roles, responsibilities, and communication strategies in the event of a compromise including notification of the payment brands, at a minimum - Specific incident response procedures - Business recovery and continuity procedures - Data backup process… (12.10.1.a, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Does the incident response plan address the business recovery and continuity procedures? (PCI DSS Question 12.10.1(b) Bullet 3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Does the incident response plan address the business recovery and continuity procedures? (PCI DSS Question 12.10.1(b) Bullet 3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Self-Assessment Questionnaire A and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • The organization shall establish, implement, and maintain business continuity procedures to manage a disruptive incident and continue its activities based on recovery objectives identified in the business impact analysis. (§ 8.4.1 ¶ 1, ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • be flexible to respond to unanticipated threats and changing internal and external conditions, (§ 8.4.1 ¶ 3 c), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • The organization is resilient and able to operate while experiencing a cyber attack. (Resilience (DM.RS), CRI Profile, v1.2)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Incident response; (TIER I OBJECTIVES AND PROCEDURES Risk Management Objective 4:5 Bullet 6, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • The following policies, standards, and processes should be integrated into the business continuity planning process: - Security Standards; - Project Management; - Change Control Policies; - Data Synchronization Procedures; - Crises Management; - Incident Response; - Remote Access; - Employee Trainin… (Other Policies, Standards and Processes, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, February 2015)
  • Determine whether the BCP includes event management procedures that detail reasonably foreseeable event types, and those procedures include threshold metrics and response methods. (App A Objective 8:3, FFIEC Business Continuity Planning (BCP) IT Examination Handbook, November 2019)
  • The institution has policies commensurate with its risk and complexity that address the concepts of incident response and resilience. (Domain 1: Assessment Factor: Governance, STRATEGY/POLICIES Baseline 2 ¶ 6, FFIEC Cybersecurity Assessment Tool, Baseline, May 2017)
  • The institution plans to use business continuity, disaster recovery, and data backup programs to recover operations following an incident. (Domain 5: Assessment Factor: Resilience Planning and Strategy, PLANNING Baseline 1 ¶ 6, FFIEC Cybersecurity Assessment Tool, Baseline, May 2017)
  • Determine whether the institution has risk monitoring and reporting processes that address changing threat conditions in both the institution and the greater financial industry. Determine whether these processes address information security events faced by the institution, the effectiveness of manag… (App A Objective 7.1, FFIEC Information Technology Examination Handbook - Information Security, September 2016)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Coordinate contingency planning activities with incident handling activities; (CP-2c., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Coordinate contingency planning activities with incident handling activities; (CP-2c., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Coordinate contingency planning activities with incident handling activities; (CP-2c., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Coordinate contingency planning activities with incident handling activities; (CP-2c., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Coordinate contingency planning activities with incident handling activities; (CP-2c., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Coordinate contingency planning activities with incident handling activities; (CP-2c., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization coordinates contingency planning activities with incident handling activities. (CP-2c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization coordinates incident handling activities with contingency planning activities. (IR-4b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization coordinates contingency planning activities with incident handling activities. (CP-2c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization coordinates incident handling activities with contingency planning activities. (IR-4b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization coordinates contingency planning activities with incident handling activities. (CP-2c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization coordinates incident handling activities with contingency planning activities. (IR-4b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization coordinates incident handling activities with contingency planning activities. (IR-4b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization coordinates contingency planning activities with incident handling activities. (CP-2c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Coordinate contingency planning activities with incident handling activities; (CP-2c., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., TX-RAMP Security Controls Baseline Level 1)
  • Coordinates contingency planning activities with incident handling activities; (CP-2c., TX-RAMP Security Controls Baseline Level 2)