Doc:NIST SP 800-53r3 Appendix F/IR-4
IR-4 INCIDENT HANDLING
- Control: The organization:
- a. Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery;
- c. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing/exercises, and implements the resulting changes accordingly.
- Supplemental Guidance: Incident-related information can be obtained from a variety of sources including, but not limited to, audit monitoring, network monitoring, physical access monitoring, and user/administrator reports. Related controls: AU-6, CP-2, IR-2, IR-3, PE-6, SC-5, SC-7, SI-3, SI-4, SI-7.
- Control Enhancements: