home || catalog: SP800-53rev3 / class: Operational / family: (IR) Incident Response ||
search controls:
search nistpubs:

AC
AT
AU
CA
CM
CP
IA
IR

IR-01
IR-02 *
IR-03
IR-04
IR-05
IR-06
IR-07
IR-08

MA
MP
PE
PL
PM
PS
RA
SA
SC
SI
MMMMM

  IR-02: Incident Response Training  

base control objective:
The organization:
a. Trains personnel in their incident response roles and responsibilities with respect to the information system; and
b. Provides refresher training [Assignment: organization-defined frequency].

supplemental objective information:
Incident response training includes user training in the identification and reporting of suspicious activities, both from external and internal sources.

enhancements to the base objective:

(1) The organization incorporates simulated events into incident response training to facilitate effective response by personnel in crisis situations.

(2) The organization employs automated mechanisms to provide a more thorough and realistic training environment.

mapping to FIPS199 baseline:

  LOW: null     MOD: base     HIGH: base (1) (2)  

related (regimented) controls:

AT-03   Security Training

documents referenced in SP800-53rev3 for IR-02:

Document Date Status Title
NIST SP800-50 October, 2003 current   Building an Information Technology Security Awareness and Training Program
NIST SP800-61 August, 2012 current   Computer Security Incident Handling Guide
NIST SP800-84 September, 2006 current   Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities

Search SP800-53rev3 catalog: