Description:
Organizations test incident response capabilities to determine the effectiveness of the capabilities and to identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, simulations (both parallel and full interrupt), and comprehensive exercises. Incident response testing can also include a determination of the effects on organizational operations (e.g., reduction in mission capabilities), organizational assets, and individuals due to incident response. [SP 800-84] provides guidance on testing programs for information technology capabilities.
Priority: Medium
Category: Incident Response Operations
Services Associated with AWS:
- AWS Security Hub, AWS Incident Manager
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation of role-based security training being performed
- Administrative: supporting documentation of professional competence by individual(s) performing incident response roles
- Administrative: Incident Response Plan (IRP) practices that cover all phases of incident response operations
- Administrative: supporting documentation of incident response testing / exercises
Possible Technology Considerations:
NA
What needs to be answered:
Is there a company incident response policy? Does it outline requirements for regular testing and reviews/improvements to incident response capabilities? Does the company test its incident response capabilities?
- Organizational Incident Response Capability Testing
Description: This check ensures that organizations regularly test their incident response capabilities to assess their effectiveness and identify potential weaknesses or deficiencies. Incident response testing involves the use of various methods such as checklists, walk-through exercises, simulations, and comprehensive exercises to evaluate the organization's ability to respond to security incidents.
More Details:
Organizational response capability is tested periodically for all employees and IT staff.