Include coordination amongst entities in the incident response policy.

Back

CONTROL ID
14107

CONTROL TYPE
Establish/Maintain Documentation

CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Establish, implement, and maintain an incident response policy., CC ID: 14024

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

an identification of the measures ensuring preparedness for, responsiveness to and recovery from incidents, including cooperation between the public and private sectors; (Article 7 1(e), DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive))
national procedures and arrangements between relevant national authorities and bodies to ensure the Member State's effective participation in and support of the coordinated management of large-scale cybersecurity incidents and crises at Union level. (Article 9 4(f), DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive))
Establish and maintain an incident response process that addresses roles and responsibilities, compliance requirements, and a communication plan. Review annually, or when significant enterprise changes occur that could impact this Safeguard. (CIS Control 17: Safeguard 17.4 Establish and Maintain an Incident Response Process, CIS Controls, V8)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), FedRAMP Security Controls High Baseline, Version 5)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), FedRAMP Security Controls Low Baseline, Version 5)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), FedRAMP Security Controls Moderate Baseline, Version 5)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Flow Down Controls)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
During the preparation of the incident response plan, input should be obtained from the various stakeholders including operations, engineering, IT, system support vendors, management, organized labor, legal, and safety. These stakeholders should also review and approve the plan. (§ 6.2.8 ICS-specific Recommendations and Guidance ¶ 4, Guide to Industrial Control Systems (ICS) Security, Revision 2)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., TX-RAMP Security Controls Baseline Level 1)
An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (IR-1a.1., TX-RAMP Security Controls Baseline Level 2)