IR-4(5): Automatic Disabling Of Information System

Control Family:

Incident Response

Parent Control:

IR-4: Incident Handling

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

ID.SC-5
DE.AE-2
DE.AE-3
DE.AE-4
DE.AE-5
RS.AN-1
RS.AN-2
RS.AN-3
RS.AN-4
RS.CO-3
RS.CO-4
RS.IM-1
RS.IM-2
RS.MI-1
RS.MI-2
RS.RP-1
RC.CO-3
RC.IM-1
RC.IM-2
RC.RP-1

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
IR-4(5): Automatic Disabling of System

Control Statement

The organization implements a configurable capability to automatically disable the information system if [Assignment: organization-defined security violations] are detected.