Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization employs automated mechanisms to provide a more thorough and realistic incident response training environment.
NIST 800-53 (r4) Supplemental Guidance:
None.
References: NIST Special Publications 800-16, 800-50.
NIST 800-53 (r5) Discussion:
Automated mechanisms can provide a more thorough and realistic incident response training environment. This can be accomplished, for example, by providing more complete coverage of incident response issues, selecting more realistic training scenarios and environments, and stressing the response capability.
38North Guidance:
Meets Minimum Requirement:
Uses automated mechanisms as part of the incident response training, such as a ticketing system, email, or simulated SIEM alerts, to provide a more thorough and realistic training environment by incorporating the use of tools employed during a suspected or potential security incident.
Provides scenario-based courses/training
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Incident response training procedures detailing what type of incident training is provided and whether any automated tooling is used.
Evidence of incident response training provided in the past
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse