RS.MA-03: Incidents are categorized and prioritized

This subcategory is new to this version of the framework and incorporates the following items from the previous version: RS.AN-2 (The impact of the incident is understood) and RS.AN-4 (Incidents are categorized consistent with response plans).


[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Further review and categorize incidents based on the type of incident (e.g., data breach, ransomware, DDoS, account compromise)

Ex2: Prioritize incidents based on their scope, likely impact, and time-critical nature

Ex3: Select incident response strategies for active incidents by balancing the need to quickly recover from an incident with the need to observe the attacker or conduct a more thorough investigation