RS.MA-02: Incident reports are triaged and validated

Info icon.

Subcategory is new to this version of the framework and incorporates the following items from the previous version: RS.AN-1: Notifications from detection systems are investigated, RS.AN-2: The impact of the incident is understood.


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Preliminarily review incident reports to confirm that they are cybersecurity-related and necessitate incident response activities

Ex2: Apply criteria to estimate the severity of an incident