IR-4(2): Dynamic Reconfiguration

Control Family: Incident Response


(Not part of any baseline)

Control Statement

The organization includes dynamic reconfiguration of [Assignment: organization-defined information system components] as part of the incident response capability.

Supplemental Guidance

Dynamic reconfiguration includes, for example, changes to router rules, access control lists, intrusion detection/prevention system parameters, and filter rules for firewalls and gateways. Organizations perform dynamic reconfiguration of information systems, for example, to stop attacks, to misdirect attackers, and to isolate components of systems, thus limiting the extent of the damage from breaches or compromises. Organizations include time frames for achieving the reconfiguration of information systems in the definition of the reconfiguration capability, considering the potential need for rapid response in order to effectively address sophisticated cyber threats.