PR.IP-10: Response and recovery plans are tested
PF v1.0 References:
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
CP-4: Contingency Plan Testing
Test the contingency plan for the system [Assignment: organization-defined frequency] using the following tests to determine the effectiveness of the plan and the readiness to execute the plan: [Assignment: organization-defined tests]. Review the contingency plan test results; and Initiate corrective actions, if needed.
IR-3: Incident Response Testing
Test the effectiveness of the incident response capability for the system [Assignment: organization-defined frequency] using the following tests: [Assignment: organization-defined tests].
PM-14: Testing, Training, and Monitoring
Implement a process for ensuring that organizational plans for conducting security and privacy testing, training, and monitoring activities associated with organizational systems: Are developed and maintained; and Continue to be executed; and Review testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.
NIST Special Publication 800-171 Revision 2
3.6.3: Test the organizational incident response capability
Organizations test incident response capabilities to determine the effectiveness of the capabilities and to identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, simulations (both parallel and full interrupt), and comprehensive exercises. Incident response testing can also include a determination of the effects on organizational operations (e.g.,…
Cloud Controls Matrix v3.0.1
BCR-02: Business Continuity Testing
Business continuity and security incident response plans shall be subject to testing at planned intervals or upon significant organizational or environmental changes. Incident response plans shall involve impacted customers (tenant) and other business relationships that represent critical intra-supply chain business process dependencies.
SEF-02: Incident Management
Policies and procedures shall be established, and supporting business processes and technical measures implemented, to triage security-related events and ensure timely and thorough incident management, as per established IT service management policies and procedures.
Critical Security Controls Version 8
17: Incident Response Management
Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack.
NIST Special Publication 800-53 Revision 4
CP-4: Contingency Plan Testing
The organization: Tests the contingency plan for the information system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the effectiveness of the plan and the organizational readiness to execute the plan; Reviews the contingency plan test results; and Initiates corrective actions, if needed.
IR-3: Incident Response Testing
The organization tests the incident response capability for the information system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the incident response effectiveness and documents the results.
PM-14: Testing, Training, And Monitoring
The organization: Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems: Are developed and maintained; and Continue to be executed in a timely manner; Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk…
Critical Security Controls Version 7.1
19: Incident Response and Management
Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems.