catalog: SP800-53rev3 / class: Operational / family: (IR) Incident Response

  IR-07: Incident Response Assistance  

base control objective:
The organization provides an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the information system for the handling and reporting of security incidents.

supplemental objective information:
Possible implementations of incident response support resources in an organization include a help desk or an assistance group and access to forensics services, when required.

enhancements to the base objective:

(1) The organization employs automated mechanisms to increase the availability of incident response-related information and support.
Enhancement Supplemental Guidance: Automated mechanisms can provide a push and/or pull capability for users to obtain incident response assistance. For example, individuals might have access to a website to query the assistance capability, or conversely, the assistance capability may have the ability to proactively send information to users (general distribution or targeted) as part of increasing understanding of current response capabilities and support.

(2) The organization:
(a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and
(b) Identifies organizational incident response team members to the external providers.
Enhancement Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks.

mapping to FIPS199 baseline:

  LOW: base     MOD: base (1)     HIGH: base (1)  

related (regimented) controls:

IR-04   Incident Handling
IR-06   Incident Reporting

documents referenced in SP800-53rev3 for IR-07:

Document        Date           Status    Title
NIST SP800-61   August, 2012   current   Computer Security Incident Handling Guide
