Red Hat Virtualization Manager - Incident Response

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

| Control | Name | Status |
| --- | --- | --- |
| IR-1 | Incident Response Policy And Procedures | not applicable |
| IR-2 | Incident Response Training | not applicable |
| IR-2 (1) | Simulated Events | not applicable |
| IR-2 (2) | Automated Training Environments | not applicable |
| IR-3 | Incident Response Testing | not applicable |
| IR-3 (1) | Automated Testing | not applicable |
| IR-3 (2) | Coordination With Related Plans | not applicable |
| IR-4 | Incident Handling | not applicable |
| IR-4 (1) | Automated Incident Handling Processes | not applicable |
| IR-4 (2) | Dynamic Reconfiguration | not applicable |
| IR-4 (3) | Continuity Of Operations | not applicable |
| IR-4 (4) | Information Correlation | not applicable |
| IR-4 (5) | Automatic Disabling Of Information System | not applicable |
| IR-4 (6) | Insider Threats - Specific Capabilities | not applicable |
| IR-4 (7) | Insider Threats - Intra-Organization Coordination | not applicable |
| IR-4 (8) | Correlation With External Organizations | not applicable |
| IR-4 (9) | Dynamic Response Capability | not applicable |
| IR-4 (10) | Supply Chain Coordination | not applicable |
| IR-5 | Incident Monitoring | not applicable |
| IR-5 (1) | Automated Tracking / Data Collection / Analysis | not applicable |
| IR-6 | Incident Reporting | not applicable |
| IR-6 (1) | Automated Reporting | not applicable |
| IR-6 (2) | Vulnerabilities Related To Incidents | not applicable |
| IR-6 (3) | Coordination With Supply Chain | not applicable |
| IR-7 | Incident Response Assistance | not applicable |
| IR-7 (1) | Automation Support For Availability Of Information / Support | not applicable |
| IR-7 (2) | Coordination With External Providers | not applicable |
| IR-8 | Incident Response Plan | not applicable |
| IR-9 | Information Spillage Response | not applicable |
| IR-9 (1) | Responsible Personnel | not applicable |
| IR-9 (2) | Training | not applicable |
| IR-9 (3) | Post-Spill Operations | not applicable |
| IR-9 (4) | Exposure To Unauthorized Personnel | not applicable |
| IR-10 | Integrated Information Security Analysis Team | not applicable |




IR-1: Incident Response Policy And Procedures

The organization:
a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
   1. An incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
   2. Procedures to facilitate the implementation of the incident response policy and associated incident response controls; and
b. Reviews and updates the current:
   1. Incident response policy [Assignment: organization-defined frequency]; and
   2. Incident response procedures [Assignment: organization-defined frequency].

IR-1 Control Response Information
Implementation Status:

not applicable

IR-1: What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-2: Incident Response Training

The organization provides incident response training to information system users consistent with assigned roles and responsibilities:
a. Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility;
b. When required by information system changes; and
c. [Assignment: organization-defined frequency] thereafter.

IR-2 Control Response Information
Implementation Status:

not applicable

IR-2: What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-2 (1): Simulated Events

“The organization incorporates simulated events into incident response training to facilitate effective response by personnel in crisis situations.”

IR-2 (1) Control Response Information
Implementation Status:

not applicable

IR-2 (1): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-2 (2): Automated Training Environments

“The organization employs automated mechanisms to provide a more thorough and realistic incident response training environment.”

IR-2 (2) Control Response Information
Implementation Status:

not applicable

IR-2 (2): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-3: Incident Response Testing

“The organization tests the incident response capability for the information system [Assignment: organization-defined frequency] using [Assignment: organization-defined tests] to determine the incident response effectiveness and documents the results.”

IR-3 Control Response Information
Implementation Status:

not applicable

IR-3: What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-3 (1): Automated Testing

“The organization employs automated mechanisms to more thoroughly and effectively test the incident response capability.”

IR-3 (1) Control Response Information
Implementation Status:

not applicable

IR-3 (1): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-3 (2): Coordination With Related Plans

“The organization coordinates incident response testing with organizational elements responsible for related plans.”

IR-3 (2) Control Response Information
Implementation Status:

not applicable

IR-3 (2): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4: Incident Handling

The organization:
a. Implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery;
b. Coordinates incident handling activities with contingency planning activities; and
c. Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly.

IR-4 Control Response Information
Implementation Status:

not applicable

IR-4: What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4 (1): Automated Incident Handling Processes

“The organization employs automated mechanisms to support the incident handling process.”

IR-4 (1) Control Response Information
Implementation Status:

not applicable

IR-4 (1): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4 (2): Dynamic Reconfiguration

“The organization includes dynamic reconfiguration of [Assignment: organization-defined information system components] as part of the incident response capability.”

IR-4 (2) Control Response Information
Implementation Status:

not applicable

IR-4 (2): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4 (3): Continuity Of Operations

“The organization identifies [Assignment: organization-defined classes of incidents] and [Assignment: organization-defined actions to take in response to classes of incidents] to ensure continuation of organizational missions and business functions.”

IR-4 (3) Control Response Information
Implementation Status:

not applicable

IR-4 (3): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4 (4): Information Correlation

“The organization correlates incident information and individual incident responses to achieve an organization-wide perspective on incident awareness and response.”

IR-4 (4) Control Response Information
Implementation Status:

not applicable

IR-4 (4): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4 (5): Automatic Disabling Of Information System

“The organization implements a configurable capability to automatically disable the information system if [Assignment: organization-defined security violations] are detected.”

IR-4 (5) Control Response Information
Implementation Status:

not applicable

IR-4 (5): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4 (6): Insider Threats - Specific Capabilities

“The organization implements incident handling capability for insider threats.”

IR-4 (6) Control Response Information
Implementation Status:

not applicable

IR-4 (6): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4 (7): Insider Threats - Intra-Organization Coordination

“The organization coordinates incident handling capability for insider threats across [Assignment: organization-defined components or elements of the organization].”

IR-4 (7) Control Response Information
Implementation Status:

not applicable

IR-4 (7): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4 (8): Correlation With External Organizations

“The organization coordinates with [Assignment: organization-defined external organizations] to correlate and share [Assignment: organization-defined incident information] to achieve a cross-organization perspective on incident awareness and more effective incident responses.”

IR-4 (8) Control Response Information
Implementation Status:

not applicable

IR-4 (8): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4 (9): Dynamic Response Capability

“The organization employs [Assignment: organization-defined dynamic response capabilities] to effectively respond to security incidents.”

IR-4 (9) Control Response Information
Implementation Status:

not applicable

IR-4 (9): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-4 (10): Supply Chain Coordination

“The organization coordinates incident handling activities involving supply chain events with other organizations involved in the supply chain.”

IR-4 (10) Control Response Information
Implementation Status:

not applicable

IR-4 (10): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-5: Incident Monitoring

“The organization tracks and documents information system security incidents.”

IR-5 Control Response Information
Implementation Status:

not applicable

IR-5: What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-5 (1): Automated Tracking / Data Collection / Analysis

“The organization employs automated mechanisms to assist in the tracking of security incidents and in the collection and analysis of incident information.”

IR-5 (1) Control Response Information
Implementation Status:

not applicable

IR-5 (1): What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-6: Incident Reporting

The organization:
a. Requires personnel to report suspected security incidents to the organizational incident response capability within [Assignment: organization-defined time period]; and
b. Reports security incident information to [Assignment: organization-defined authorities].

IR-6 Control Response Information
Implementation Status:

not applicable

IR-6: What is the solution and how is it implemented?

‘This control reflects organizational procedure/policy and is not applicable to component-level configuration.’




IR-6 (1): Automated Reporting

“The organization employs automated mechanisms to assist in the reporting of security incidents.”

IR-6 (1) Control Response Information
Implementation Status:

not applicable

IR-6 (1): What is the solution and how is it implemented?