Embedded Files
This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization provides an incident response support resource, integral to the organizational incident response capability that offers advice and assistance to users of the information system for the handling and reporting of security incidents.
NIST 800-53 (r4) Supplemental Guidance:
Incident response support resources provided by organizations include, for example, help desks, assistance groups, and access to forensics services, when required. Related controls: AT-2, IR-4, IR-6, IR-8, SA-9.
References: None.
NIST 800-53 (r5) Discussion:
Incident response support resources provided by organizations include help desks, assistance groups, automated ticketing systems to open and track incident response tickets, and access to forensics services or consumer redress services, when required.
38North Guidance:
Meets Minimum Requirement:
The organization has incident response support resources that users can reference for assistance. Examples include:
A ticketing system or document repository that can be filtered and accessed by related teams
A help desk or security team that is available to system personnel that can offer assistance and advice in reporting and handling security incidents
Knowledge based articles or FAQs pertaining to reporting and handling security incidents
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Procedures addressing who provides assistance and advice to users for handling and reporting security incidents, and their contact information
Examples of past incident response tickets in a ticket management system or copies of incident response reports in a centralized document repository
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD
Page updated
Report abuse