IR-4(9): Dynamic Response Capability

Control Family:

Incident Response

Parent Control:

IR-4: Incident Handling

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

ID.SC-5
DE.AE-2
DE.AE-3
DE.AE-4
DE.AE-5
RS.AN-1
RS.AN-2
RS.AN-3
RS.AN-4
RS.CO-3
RS.CO-4
RS.IM-1
RS.IM-2
RS.MI-1
RS.MI-2
RS.RP-1
RC.CO-3
RC.IM-1
RC.IM-2
RC.RP-1

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
IR-4(9): Dynamic Response Capability

Control Statement

The organization employs [Assignment: organization-defined dynamic response capabilities] to effectively respond to security incidents.

Supplemental Guidance

This control enhancement addresses the deployment of replacement or new capabilities in a timely manner in response to security incidents (e.g., adversary actions during hostile cyber attacks). This includes capabilities implemented at the mission/business process level (e.g., activating alternative mission/business processes) and at the information system level.