SEF-04: Incident Response Legal Preparation

Control Family:

Security Incident Management, E-Discovery, & Cloud Forensics

CSF v1.1 References:

ID.SC-5
PR.IP-9
RS.CO-1
RS.CO-2
RS.CO-4
RS.MI-1
RS.MI-2
RC.CO-3

PF v1.0 References:

PR.PO-P7

Control Statement

Proper forensic procedures, including chain of custody, are required for the presentation of evidence to support potential legal action subject to the relevant jurisdiction after an information security incident. Upon notification, customers and/or other external business partners impacted by a security breach shall be given the opportunity to participate as is legally permissible in the forensic investigation.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4