Control: IR-4
Incident Handling (IR-4)
Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery;
Coordinate incident handling activities with contingency planning activities;
Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implement the resulting changes accordingly; and
Ensure the rigor, intensity, scope, and resu
Security Baselines
LOW, MODERATE, HIGH
incident-response, detection, containment
Why These Connect
Baselined In (3)
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports (45)
These related controls work together — a change to one may affect the others.
Enhances (15)
These enhancements add specific capabilities or refinements to the base control.
Related Controls (30)
AT-3: Role-based Training (AT-3) [L, M, H]
AU-7: Audit Record Reduction and Report Generation (AU-7) [M, H]
CA-3: Information Exchange (CA-3) [L, M, H]
CP-2: Contingency Plan (CP-2) [L, M, H]
CP-3: Contingency Training (CP-3) [L, M, H]
CP-4: Contingency Plan Testing (CP-4) [L, M, H]
CP-10: System Recovery and Reconstitution (CP-10) [L, M, H]
IR-2: Incident Response Training (IR-2) [L, M, H]
IR-3: Incident Response Testing (IR-3) [M, H]
AC-19: Access Control for Mobile Devices (AC-19) [L, M, H]
AU-6: Audit Record Review, Analysis, and Reporting (AU-6) [L, M, H]
CM-6: Configuration Settings (CM-6) [L, M, H]
IR-5: Incident Monitoring (IR-5) [L, M, H]
IR-6: Incident Reporting (IR-6) [L, M, H]
IR-8: Incident Response Plan (IR-8) [L, M, H]
PE-6: Monitoring Physical Access (PE-6) [L, M, H]
PL-2: System Security and Privacy Plans (PL-2) [L, M, H]
PM-12: Insider Threat Program (PM-12)
SA-8: Security and Privacy Engineering Principles (SA-8) [L, M, H]
SC-5: Denial-of-service Protection (SC-5) [L, M, H]
SC-7: Boundary Protection (SC-7) [L, M, H]
SI-3: Malicious Code Protection (SI-3) [L, M, H]
SI-4: System Monitoring (SI-4) [L, M, H]
SI-7: Software, Firmware, and Information Integrity (SI-7) [M, H]
IR-7: Incident Response Assistance (IR-7) [L, M, H]
PM-16: Threat Awareness Program (PM-16)
SA-9: External System Services (SA-9) [L, M, H]
SA-24: Design For Cyber Resiliency (SA-24)
SR-2: Supply Chain Risk Management Plan (SR-2) [L, M, H]
SR-8: Notification Agreements (SR-8) [L, M, H]
Control Enhancements (15)
IR-4(1): Automated Incident Handling Processes (IR-4(1)) [M, H]
IR-4(2): Dynamic Reconfiguration (IR-4(2))
IR-4(3): Continuity of Operations (IR-4(3))
IR-4(4): Information Correlation (IR-4(4)) [H]
IR-4(5): Automatic Disabling of System (IR-4(5))
IR-4(6): Insider Threats (IR-4(6))
IR-4(7): Insider Threats — Intra-organization Coordination (IR-4(7))
IR-4(8): Correlation with External Organizations (IR-4(8))
IR-4(9): Dynamic Response Capability (IR-4(9))
IR-4(10): Supply Chain Coordination (IR-4(10))
IR-4(11): Integrated Incident Response Team (IR-4(11)) [H]
IR-4(12): Malicious Code and Forensic Analysis (IR-4(12))
IR-4(13): Behavior Analysis (IR-4(13))
IR-4(14): Security Operations Center (IR-4(14))
IR-4(15): Public Relations and Reputation Repair (IR-4(15))