IR-3: Incident Response Testing
Control Family:
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- IR-3: Incident Response Testing
Control Statement
Test the effectiveness of the incident response capability for the system [Assignment: organization-defined frequency] using the following tests: [Assignment: organization-defined tests].
Supplemental Guidance
Organizations test incident response capabilities to determine their effectiveness and identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, and simulations (parallel or full interrupt). Incident response testing can include a determination of the effects on organizational operations and assets and individuals due to incident response. The use of qualitative and quantitative data aids in determining the effectiveness of incident response processes.
Control Enhancements
IR-3(1): Automated Testing
Baseline(s):
Test the incident response capability using [Assignment: organization-defined automated mechanisms].
IR-3(2): Coordination with Related Plans
Baseline(s):
- Moderate
- High
Coordinate incident response testing with organizational elements responsible for related plans.
IR-3(3): Continuous Improvement
Baseline(s):
Use qualitative and quantitative data from testing to: Determine the effectiveness of incident response processes; Continuously improve incident response processes; and Provide incident response measures and metrics that are accurate, consistent, and in a reproducible format.