Overview:
The organization tests the incident response capability for the information system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the incident response effectiveness and documents the results.
Supplemental Guidance:
Organizations test incident response capabilities to determine the overall effectiveness of the capabilities and to identify potential weaknesses or deficiencies. Incident response testing includes, for example, the use of checklists, walk-through or tabletop exercises, simulations (parallel/full interrupt), and comprehensive exercises. Incident response testing can also include a determination of the effects on organizational operations (e.g., reduction in mission capabilities), organizational assets, and individuals due to incident response.
Related controls: CP-4, IR-8.
Action Items:
1) Test the Incident Response Plan and associated procedures on a regular basis
Related Documents:
1) Incident Response Plan
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
IR-3-1 [at least annually]
IR-3-2 [see additional FedRAMP Requirements and Guidance]
Moderate Additional FedRAMP Requirements and Guidance
IR-3-2 Requirement: The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). For JAB authorization, the service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing.
Article ID: 719
Created: September 30, 2022
Last Updated: September 30, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/incident-response-testing-ir-3-719.html