| Control | Description | Status |
|---|---|---|
| Incident Response Operations | Mechanisms exist to implement and govern processes and documentation to facilitate an organization-wide response capability for cybersecurity & data privacy-related incidents. | |
| Incident Handling | Mechanisms exist to cover: (1) Preparation; (2) Automated event detection or manual incident report intake; (3) Analysis; (4) Containment; (5) Eradication; and (6) Recovery. | |
| Incident Classification & Prioritization | Mechanisms exist to identify classes of incidents and actions to take to ensure the continuation of organizational missions and business functions. | |
| Correlation with External Organizations | Mechanisms exist to coordinate with approved third-parties to achieve a cross-organization perspective on incident awareness and more effective incident responses. | |
| Indicators of Compromise (IOC) | Mechanisms exist to define specific Indicators of Compromise (IOC) to identify the signs of potential cybersecurity events. | |
| Incident Response Plan (IRP) | Mechanisms exist to maintain and make available a current and viable Incident Response Plan (IRP) to all stakeholders. | |
| Data Breach | Mechanisms exist to address data breaches, or other incidents involving the unauthorized disclosure of sensitive or regulated data, according to applicable laws, regulations and contractual obligations. | |
| IRP Update | Mechanisms exist to regularly review and modify incident response practices to incorporate lessons learned, business process changes and industry developments, as necessary. | |
| Incident Response Training | Mechanisms exist to train personnel in their incident response roles and responsibilities. | |
| Incident Response Testing | Mechanisms exist to formally test incident response capabilities through realistic exercises to determine the operational effectiveness of those capabilities. | |
| Coordination with Related Plans | Mechanisms exist to coordinate incident response testing with organizational elements responsible for related plans. | |
| Integrated Security Incident Response Team (ISIRT) | Mechanisms exist to establish an integrated team of cybersecurity, IT and business function representatives that are capable of addressing cybersecurity & data privacy incident response operations. | |
| Chain of Custody & Forensics | Mechanisms exist to perform digital forensics and maintain the integrity of the chain of custody, in accordance with applicable laws, regulations and industry-recognized secure practices. | |
| Situational Awareness For Incidents | Mechanisms exist to document, monitor and report the status of cybersecurity & data privacy incidents to internal stakeholders all the way through the resolution of the incident. | |
| Incident Stakeholder Reporting | Mechanisms exist to timely-report incidents to applicable: (1) Internal stakeholders; (2) Affected clients & third-parties; and (3) Regulatory authorities. | |
| Cyber Incident Reporting for Sensitive / Regulated Data | Mechanisms exist to report sensitive/regulated data incidents in a timely manner. | |
| Vulnerabilities Related To Incidents | Mechanisms exist to report system vulnerabilities associated with reported cybersecurity & data privacy incidents to organization-defined personnel or roles. | |
| Supply Chain Coordination | Mechanisms exist to provide cybersecurity & data privacy incident information to the provider of the product or service and other organizations involved in the supply chain for systems or system components related to the incident. | |
| Coordination With External Providers | Mechanisms exist to establish a direct, cooperative relationship between the organization's incident response capability and external service providers. | |
| Sensitive / Regulated Data Spill Response | Mechanisms exist to respond to sensitive/regulated data spills. | |
| Root Cause Analysis (RCA) & Lessons Learned | Mechanisms exist to incorporate lessons learned from analyzing and resolving cybersecurity & data privacy incidents to reduce the likelihood or impact of future incidents. | |
| Regulatory & Law Enforcement Contacts | Mechanisms exist to maintain incident response contacts with applicable regulatory and law enforcement agencies. | |
| Detonation Chambers (Sandboxes) | Mechanisms exist to utilize a detonation chamber capability to detect and/or block potentially-malicious files and email attachments. | |
| Public Relations & Reputation Repair | Mechanisms exist to proactively manage public relations associated with incidents and employ appropriate measures to prevent further reputational damage and develop plans to repair any damage to the organization's reputation. | |