>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IR-3Incident Response Testing And Exercises

PBMM (P3)
Secret (P3)
Operational

>Control Description

(A) The organization tests the incident response capability for the information system organization-defined frequency using organization-defined tests to determine the incident response effectiveness and documents the results.

>Supplemental Guidance

Organizations test incident response capabilities to determine the overall effectiveness of the capabilities and to identify potential weaknesses or deficiencies. Incident response testing includes, for example, the use of checklists, walk-through or tabletop exercises, simulations (parallel/full interrupt), and comprehensive exercises. Incident response testing can also include a determination of the effects on organizational operations (e.g., reduction in mission capabilities), organizational assets, and individuals due to incident response.

Related controls: CP-4, IR-8

>Profile-Specific Parameters

(A) frequency [at a frequency no longer than annually]

Ask AI

Configure your API key to use AI features.