SA-15(10): Incident Response Plan

CSF v1.1 References:


(Not part of any baseline)

Next Version:

Control Statement

The organization requires the developer of the information system, system component, or information system service to provide an incident response plan.

Supplemental Guidance

The incident response plan for developers of information systems, system components, and information system services is incorporated into organizational incident response plans to provide the type of incident response information not readily available to organizations. Such information may be extremely helpful, for example, when organizations respond to vulnerabilities in commercial off-the-shelf (COTS) information technology products.