Back

Employ tools and mechanisms to support the organization's Incident Response program.


CONTROL ID
13182
CONTROL TYPE
Acquisition/Sale of Assets or Services
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program., CC ID: 00579

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Banks would need to establish a clear allocation of responsibility for regular monitoring, and the processes and tools in this regard should be in a position to manage the volume of monitoring required, thereby reducing the risk of an incident going undetected. (Critical components of information security 17) iv., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • The FI should ensure sufficient resources are available to facilitate and support incident response and recovery. The FI may engage external assistance to augment its resources to facilitate and support incident response and recovery. For example, the FI can engage an incident response and security … (§ 7.7.2, Technology Risk Management Guidelines, January 2021)
  • Financial institutions should establish and implement policies and procedures to detect anomalous activities that may impact financial institutions' information security and to respond to these events appropriately. As part of this continuous monitoring, financial institutions should implement appro… (3.4.5 38, Final Report EBA Guidelines on ICT and security risk management)
  • Detection policies, procedures, and tools are defined and implemented on infrastructure and software to identify potential intrusions, inappropriate access, and anomalies in the operation of or unusual activity on systems. Procedures may include (1) a defined governance process for security event de… (CC7.2 ¶ 2 Bullet 1 Implements Detection Policies, Procedures, and Tools, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • The organization employs automated mechanisms to support the incident handling process (IR-4(1) ¶ 1, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The organization employs automated mechanisms to support the incident handling process (IR-4(1) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Detection policies and procedures are defined and implemented, and detection tools are implemented on Infrastructure and software to identify anomalies in the operation or unusual activity on systems. Procedures may include (1) a defined governance process for security event detection and management… (CC7.2 Implements Detection Policies, Procedures, and Tools, Trust Services Criteria)
  • Detection policies and procedures are defined and implemented and detection tools are implemented on infrastructure and software to identify anomalies in the operation or unusual activity on systems. Procedures may include (1) a defined governance process for security event detection and management … (CC7.2 ¶ 2 Bullet 1 Implements Detection Policies, Procedures, and Tools, Trust Services Criteria, (includes March 2020 updates))
  • Corrective action. Upon any responsible SCI personnel having a reasonable basis to conclude that an SCI event has occurred, each SCI entity shall begin to take appropriate corrective action which shall include, at a minimum, mitigating potential harm to investors and market integrity resulting from … (§242.1002(a), 17 CFR PART 242, Regulations M, SHO, ATS, AC, NMS, and SBSR and Customer Margin Requirements for Security Futures)
  • may include using automated tools; and (§ 3554(b)(7)(B), Federal Information Security Modernization Act of 2014)
  • Use a combination of manual and automated, real-time responses to anomalous activities that match incident patterns. (IR.5.102, Cybersecurity Maturity Model Certification, Version 1.0, Level 5)
  • Employ automated tools to support near-real-time analysis of events in support of detecting system-level attacks. (§ 5.10.1.3 ¶ 3(6), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • The agency shall promptly report incident information to appropriate authorities. Security events, including identified weaknesses associated with the event, shall be communicated in a manner allowing timely corrective action to be taken. Formal event reporting and escalation procedures shall be in … (§ 5.3.1 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • The agency shall implement an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery. Wherever feasible, the agency shall employ automated mechanisms to support the incident handling process. (§ 5.3.2.1 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • The agency shall promptly report incident information to appropriate authorities. Security events, including identified weaknesses associated with the event, shall be communicated in a manner allowing timely corrective action to be taken. Formal event reporting and escalation procedures shall be in … (§ 5.3.1 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Tools and processes are in place to detect, alert, and trigger the incident response program. (Domain 5: Assessment Factor: Detection, Response, and Mitigation, DETECTION Baseline 1 ¶ 3, FFIEC Cybersecurity Assessment Tool, Baseline, May 2017)
  • Policies and procedures to guide the response, assigning responsibilities to individuals; providing appropriate training; formalizing information flows; and selecting, installing, and understanding the tools used in the response effort. (App A Objective 8.6.e, FFIEC Information Technology Examination Handbook - Information Security, September 2016)
  • The organization employs automated mechanisms to support the incident handling process. (IR-4(1) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization employs automated mechanisms to support the incident handling process. (IR-4(1) Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Support the incident handling process using [Assignment: organization-defined automated mechanisms]. (IR-4(1) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Support the incident handling process using [Assignment: organization-defined automated mechanisms]. (IR-4(1) ¶ 1, FedRAMP Security Controls Moderate Baseline, Version 5)
  • Support the incident handling process using [Assignment: organization-defined automated mechanisms]. (IR-4(1) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Support the incident handling process using [Assignment: organization-defined automated mechanisms]. (IR-4(1) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • The organization employs automated mechanisms to support the incident handling process. (IR-4(1) ¶ 1 Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization employs automated mechanisms to support the incident handling process. (IR-4(1) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization employs automated mechanisms to support the incident handling process (IR-4(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization employs automated mechanisms to support the incident handling process (IR-4(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The organization employs automated mechanisms to support the incident handling process (IR-4(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Support the incident handling process using [Assignment: organization-defined automated mechanisms]. (IR-4(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Support the incident handling process using [Assignment: organization-defined automated mechanisms]. (IR-4(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • The organization employs automated mechanisms to support the incident handling process (IR-4(1) ¶ 1, TX-RAMP Security Controls Baseline Level 2)