OpenStack Platform 13 - Incident Response

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

Control    Name                                                          Status
IR-1       Incident Response Policy And Procedures                       not applicable
IR-2       Incident Response Training                                    not applicable
IR-2 (1)   Simulated Events                                              not applicable
IR-2 (2)   Automated Training Environments                               not applicable
IR-3       Incident Response Testing                                     not applicable
IR-3 (1)   Automated Testing                                             not applicable
IR-3 (2)   Coordination With Related Plans                               not applicable
IR-4       Incident Handling                                             not applicable
IR-4 (1)   Automated Incident Handling Processes                         not applicable
IR-4 (2)   Dynamic Reconfiguration                                       not applicable
IR-4 (3)   Continuity Of Operations                                      not applicable
IR-4 (4)   Information Correlation                                       not applicable
IR-4 (5)   Automatic Disabling Of Information System                     not applicable
IR-4 (6)   Insider Threats - Specific Capabilities                       not applicable
IR-4 (7)   Insider Threats - Intra-Organization Coordination             not applicable
IR-4 (8)   Correlation With External Organizations                       not applicable
IR-4 (9)   Dynamic Response Capability                                   not applicable
IR-4 (10)  Supply Chain Coordination                                     not applicable
IR-5       Incident Monitoring                                           not applicable
IR-5 (1)   Automated Tracking / Data Collection / Analysis               not applicable
IR-6       Incident Reporting                                            not applicable
IR-6 (1)   Automated Reporting                                           not applicable
IR-6 (2)   Vulnerabilities Related To Incidents                          not applicable
IR-6 (3)   Coordination With Supply Chain                                not applicable
IR-7       Incident Response Assistance                                  not applicable
IR-7 (1)   Automation Support For Availability Of Information / Support  not applicable
IR-7 (2)   Coordination With External Providers                          not applicable
IR-8       Incident Response Plan                                        not applicable
IR-9       Information Spillage Response                                 not applicable
IR-9 (1)   Responsible Personnel                                         not applicable
IR-9 (2)   Training                                                      not applicable
IR-9 (3)   Post-Spill Operations                                         not applicable
IR-9 (4)   Exposure To Unauthorized Personnel                            not applicable
IR-10      Integrated Information Security Analysis Team                 not applicable




IR-1: Incident Response Policy And Procedures

The organization:
a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
   1. An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
   2. Procedures to facilitate the implementation of the incident response policy and associated incident response controls; and
b. Reviews and updates the current:
   1. Incident response policy [Assignment: organization-defined frequency]; and
   2. Incident response procedures [Assignment: organization-defined frequency].

IR-1 Control Response Information
Implementation Status:

not applicable

IR-1: What is the solution and how is it implemented?

This control reflects organizational procedure/policy and is not applicable to component-level configuration.




IR-2: Incident Response Training

The organization provides incident response training to information system users consistent with assigned roles and responsibilities:
a. Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility;
b. When required by information system changes; and
c. [Assignment: organization-defined frequency] thereafter.

IR-2 Control Response Information
Implementation Status:

not applicable

IR-2: What is the solution and how is it implemented?

This control reflects organizational procedure/policy and is not applicable to component-level configuration.




IR-2 (1): Simulated Events

The organization incorporates simulated events into incident response training to facilitate effective response by personnel in crisis situations.

IR-2 (1) Control Response Information
Implementation Status:

not applicable

IR-2 (1): What is the solution and how is it implemented?

This control reflects organizational procedure/policy and is not applicable to component-level configuration.




IR-2 (2): Automated Training Environments

The organization employs automated mechanisms to provide a more thorough and realistic incident response training environment.

IR-2 (2) Control Response Information
Implementation Status:

not applicable

IR-2 (2): What is the solution and how is it implemented?

This control reflects organizational procedure/policy and is not applicable to component-level configuration.




IR-3: Incident Response Testing

The organization tests the incident response capability for the information system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the incident response effectiveness and documents the results.

IR-3 Control Response Information
Implementation Status: