SA-15(10): Incident Response Plan

Control Family:

System and Services Acquisition

Parent Control:

SA-15: Development Process, Standards, and Tools

CSF v1.1 References:

ID.SC-2

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SA-15(10): Incident Response Plan

Control Statement

Require the developer of the system, system component, or system service to provide, implement, and test an incident response plan.

Supplemental Guidance

The incident response plan provided by developers may provide information not readily available to organizations and be incorporated into organizational incident response plans. Developer information may also be extremely helpful, such as when organizations respond to vulnerabilities in commercial off-the-shelf products.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5