This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization incorporates simulated events into incident response training to facilitate effective response by personnel in crisis situations.
NIST 800-53 (r4) Supplemental Guidance:
None.
References: None.
NIST 800-53 (r5) Discussion:
Organizations establish requirements for responding to incidents in incident response plans. Incorporating simulated events into incident response training helps to ensure that personnel understand their individual responsibilities and what specific actions to take in crisis situations.
38North Guidance:
Meets Minimum Requirement:
Simulated scenarios and/or mock exercises are provided as part of the incident response training to prepare personnel who hold roles and responsibilities under the incident response procedures. Depending on the type of incident response testing performed, this can be covered by IR-3.
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Incident response training materials/curriculum
Incident response test plan and results
Evidence of the simulated events, such as emails, recordings, etc.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD