ID.IM-04: Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved


[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

Risk scope: 1st Party Risk

Ex1: Establish contingency plans (e.g., incident response, business continuity, disaster recovery) for responding to and recovering from adverse events that can interfere with operations, expose confidential information, or otherwise endanger the organization's mission and viability

Ex2: Include contact and communication information, processes for handling common scenarios, and criteria for prioritization, escalation, and elevation in all contingency plans

Ex3: Create a vulnerability management plan to identify and assess all types of vulnerabilities and to prioritize, test, and implement risk responses

Ex4: Communicate cybersecurity plans (including updates) to those responsible for carrying them out and to affected parties

Ex5: Review and update all cybersecurity plans annually or when a need for significant improvements is identified