Ansible Tower - Incident Response
Control responses for NIST 800-53 rev4.
Requirements Traceability Matrix
Control | Name | Status |
---|---|---|
IR-1 | Incident Response Policy And Procedures | not applicable |
IR-2 | Incident Response Training | not applicable |
IR-2 (1) | Simulated Events | not applicable |
IR-2 (2) | Automated Training Environments | not applicable |
IR-3 | Incident Response Testing | not applicable |
IR-3 (1) | Automated Testing | not applicable |
IR-3 (2) | Coordination With Related Plans | not applicable |
IR-4 | Incident Handling | not applicable |
IR-4 (1) | Automated Incident Handling Processes | not applicable |
IR-4 (2) | Dynamic Reconfiguration | not applicable |
IR-4 (3) | Continuity Of Operations | not applicable |
IR-4 (4) | Information Correlation | not applicable |
IR-4 (5) | Automatic Disabling Of Information System | not applicable |
IR-4 (6) | Insider Threats - Specific Capabilities | not applicable |
IR-4 (7) | Insider Threats - Intra-Organization Coordination | not applicable |
IR-4 (8) | Correlation With External Organizations | not applicable |
IR-4 (9) | Dynamic Response Capability | not applicable |
IR-4 (10) | Supply Chain Coordination | not applicable |
IR-5 | Incident Monitoring | not applicable |
IR-5 (1) | Automated Tracking / Data Collection / Analysis | not applicable |
IR-6 | Incident Reporting | not applicable |
IR-6 (1) | Automated Reporting | not applicable |
IR-6 (2) | Vulnerabilities Related To Incidents | not applicable |
IR-6 (3) | Coordination With Supply Chain | not applicable |
IR-7 | Incident Response Assistance | not applicable |
IR-7 (1) | Automation Support For Availability Of Information / Support | not applicable |
IR-7 (2) | Coordination With External Providers | not applicable |
IR-8 | Incident Response Plan | not applicable |
IR-9 | Information Spillage Response | not applicable |
IR-9 (1) | Responsible Personnel | not applicable |
IR-9 (2) | Training | not applicable |
IR-9 (3) | Post-Spill Operations | not applicable |
IR-9 (4) | Exposure To Unauthorized Personnel | not applicable |
IR-10 | Integrated Information Security Analysis Team | not applicable |
IR-1: Incident Response Policy And Procedures
The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the incident response policy and associated incident response controls; and b. Reviews and updates the current: 1. Incident response policy [Assignment: organization-defined frequency]; and 2. Incident response procedures [Assignment: organization-defined frequency]. |
---|
Implementation Status: not applicable |
IR-1: What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-2: Incident Response Training
The organization provides incident response training to information system users consistent with assigned roles and responsibilities: a. Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility; b. When required by information system changes; and c. [Assignment: organization-defined frequency] thereafter. |
---|
Implementation Status: not applicable |
IR-2: What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-2 (1): Simulated Events
“The organization incorporates simulated events into incident response training to facilitate effective response by personnel in crisis situations.” |
---|
Implementation Status: not applicable |
IR-2 (1): What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-2 (2): Automated Training Environments
“The organization employs automated mechanisms to provide a more thorough and realistic incident response training environment.” |
---|
Implementation Status: not applicable |
IR-2 (2): What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-3: Incident Response Testing
“The organization tests the incident response capability for the information system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the incident response effectiveness and documents the results.” |
---|
Implementation Status: not applicable |
IR-3: What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-3 (1): Automated Testing
“The organization employs automated mechanisms to more thoroughly and effectively test the incident response capability.” |
---|
Implementation Status: not applicable |
IR-3 (1): What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-3 (2): Coordination With Related Plans
“The organization coordinates incident response testing with organizational elements responsible for related plans.” |
---|
Implementation Status: not applicable |
IR-3 (2): What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-4: Incident Handling
The organization: a. Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery; b. Coordinates incident handling activities with contingency planning activities; and c. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly. |
---|
Implementation Status: not applicable |
IR-4: What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-4 (1): Automated Incident Handling Processes
“The organization employs automated mechanisms to support the incident handling process.” |
---|
Implementation Status: not applicable |
IR-4 (1): What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-4 (2): Dynamic Reconfiguration
“The organization includes dynamic reconfiguration of [Assignment: organization-defined information system components] as part of the incident response capability.” |
---|
Implementation Status: not applicable |
IR-4 (2): What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-4 (3): Continuity Of Operations
“The organization identifies [Assignment: organization-defined classes of incidents] and [Assignment: organization-defined actions to take in response to classes of incidents] to ensure continuation of organizational missions and business functions.” |
---|
Implementation Status: not applicable |
IR-4 (3): What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-4 (4): Information Correlation
“The organization correlates incident information and individual incident responses to achieve an organization-wide perspective on incident awareness and response.” |
---|
Implementation Status: not applicable |
IR-4 (4): What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-4 (5): Automatic Disabling Of Information System
“The organization implements a configurable capability to automatically disable the information system if [Assignment: organization-defined security violations] are detected.” |
---|
Implementation Status: not applicable |
IR-4 (5): What is the solution and how is it implemented? |
---|
‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’ |
IR-4 (6): Insider Threats - Specific Capabilities
“The organization implements incident handling capability for insider threats.” |
---|
Implementation Status: |