RS.MA-01: The incident response plan is executed in coordination with relevant third parties once an incident is declared

Info icon.

Subcategory is new to this version of the framework and incorporates the following items from the previous version: RS.CO-4: Coordination with stakeholders occurs consistent with response plans, RS.RP-1: Response plan is executed during or after an incident.


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Detection technologies automatically report confirmed incidents

Ex2: Request incident response assistance from the organization's incident response outsourcer

Ex3: Designate an incident lead for each incident

Ex4: Initiate execution of additional cybersecurity plans as needed to support incident response (for example, business continuity and disaster recovery)

3rd: 3rd Party Risk