Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization coordinates with [FedRAMP Assignment: (H) external organizations including consumer incident responders and network defenders and the appropriate consumer incident response team (CIRT)/ Computer Emergency Response Team (CERT) (such as US-CERT, DoD CERT, IC CERT)] to correlate and share [Assignment: organization-defined incident information] to achieve a cross- organization perspective on incident awareness and more effective incident responses.
NIST 800-53 (r4) Supplemental Guidance:
The coordination of incident information with external organizations including, for example, mission/business partners, military/coalition partners, customers, and multitiered developers, can provide significant benefits. Cross-organizational coordination with respect to incident handling can serve as an important risk management capability. This capability allows organizations to leverage critical information from a variety of sources to effectively respond to information security-related incidents potentially affecting the organization’s operations, assets, and individuals.
References: None.
NIST 800-53 (r5) Discussion:
The coordination of incident information with external organizations—including mission or business partners, military or coalition partners, customers, and developers—can provide significant benefits. Cross-organizational coordination can serve as an important risk management capability. This capability allows organizations to leverage information from a variety of sources to effectively respond to incidents and breaches that could potentially affect the organization’s operations, assets, and individuals.
38North Guidance:
Meets Minimum Requirement:
The organization has defined any external organizations and the appropriate consumer incident response team that they must coordinate and share information with.
The organization has defined the type of incident information that will be shared with external organizations.
The organization develops procedures for coordinating and sharing information with the defined external organizations, to include but not limited to the roles responsible for the coordination, the type of incident information that should be shared, how is the incident information shared, what types of incidents are shared, etc.
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Incident response plan or procedures outlining the external organizations/authorities and processes for sharing incident information with those organizations/authorities.
Incident response tickets or documentation showing coordination with the defined external organizations/authorities for previous security incidents.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse