IR-5: Incident Monitoring

Control Family:

Incident Response

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Baselines:

Low
- IR-5
Moderate
- IR-5
High
- IR-5
- (1)

Next Version:

NIST Special Publication 800-53 Revision 5:
IR-5: Incident Monitoring

Control Statement

The organization tracks and documents information system security incidents.

Supplemental Guidance

Documenting information system security incidents includes, for example, maintaining records about each incident, the status of the incident, and other pertinent information necessary for forensics, evaluating incident details, trends, and handling. Incident information can be obtained from a variety of sources including, for example, incident reports, incident response teams, audit monitoring, network monitoring, physical access monitoring, and user/administrator reports.

Control Enhancements

IR-5(1): Automated Tracking / Data Collection / Analysis

Baseline(s):

High

The organization employs automated mechanisms to assist in the tracking of security incidents and in the collection and analysis of incident information.

Control Statement

Supplemental Guidance

Control Enhancements

Related Controls

NIST Special Publication 800-53 Revision 4

Cloud Controls Matrix v3.0.1

Critical Security Controls Version 8