IR-5(1): Automated Tracking / Data Collection / Analysis

Control Family:

Incident Response

Parent Control:

IR-5: Incident Monitoring

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

DE.AE-3
DE.AE-5
RS.AN-1
RS.AN-4

Baselines:

High

Next Version:

NIST Special Publication 800-53 Revision 5:
IR-5(1): Automated Tracking, Data Collection, and Analysis

Control Statement

The organization employs automated mechanisms to assist in the tracking of security incidents and in the collection and analysis of incident information.

Supplemental Guidance

Automated mechanisms for tracking security incidents and collecting/analyzing incident information include, for example, the Einstein network monitoring device and monitoring online Computer Incident Response Centers (CIRCs) or other electronic databases of incidents.