IR-3: Incident Response Testing
Control Family:
Next Version:
- NIST Special Publication 800-53 Revision 5:
- IR-3: Incident Response Testing
Control Statement
The organization tests the incident response capability for the information system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the incident response effectiveness and documents the results.
Supplemental Guidance
Organizations test incident response capabilities to determine the overall effectiveness of the capabilities and to identify potential weaknesses or deficiencies. Incident response testing includes, for example, the use of checklists, walk-through or tabletop exercises, simulations (parallel/full interrupt), and comprehensive exercises. Incident response testing can also include a determination of the effects on organizational operations (e.g., reduction in mission capabilities), organizational assets, and individuals due to incident response.
Control Enhancements
IR-3(1): Automated Testing
Baseline(s):
The organization employs automated mechanisms to more thoroughly and effectively test the incident response capability.
IR-3(2): Coordination With Related Plans
Baseline(s):
- Moderate
- High
The organization coordinates incident response testing with organizational elements responsible for related plans.