IR-4(5): Automatic Disabling of System

Control Family:

Incident Response

Parent Control:

IR-4: Incident Handling

CSF v1.1 References:

ID.SC-5
DE.AE-2
DE.AE-3
DE.AE-4
DE.AE-5
RS.AN-1
RS.AN-2
RS.AN-3
RS.AN-4
RS.CO-3
RS.CO-4
RS.IM-1
RS.IM-2
RS.MI-1
RS.MI-2
RS.RP-1
RC.CO-1
RC.CO-2
RC.CO-3
RC.IM-1
RC.IM-2
RC.RP-1

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
IR-4(5): Automatic Disabling Of Information System

Control Statement

Implement a configurable capability to automatically disable the system if [Assignment: organization-defined security violations] are detected.

Supplemental Guidance

Organizations consider whether the capability to automatically disable the system conflicts with continuity of operations requirements specified as part of CP-2 or IR-4(3). Security violations include cyber-attacks that have compromised the integrity of the system or exfiltrated organizational information and serious errors in software programs that could adversely impact organizational missions or functions or jeopardize the safety of individuals.