RS.CO-03—Information is shared with designated internal and external stakeholders
>Control Description
This incident response reporting and communication subcategory ensures that information is shared with designated internal and external stakeholders. Key activities include: Securely share information consistent with response plans and information sharing agreements; Voluntarily share information about an attacker’s observed TTPs, with all sensitive data removed, with an Information Sharing and Analysis Center (...; Notify HR when malicious insider activity occurs.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
BCR-07
DSP-18
SEF-07
SEF-08
CIS Controls v8.0
17.2
CIS Controls v8.1
17.2
CRI Profile v2.0
RS.CO-03
RS.CO-03.01
RS.CO-03.02
CSF v1.1
RS.CO-3
RS.CO-5
ISO/IEC 27001:2022
Mandatory Clause: 7.4
Annex A Controls: 5.26
NICE Framework
OG-WRL-006
OG-WRL-007
OG-WRL-008
OG-WRL-010
OG-WRL-015
PD-WRL-003
PCI DSS
12.10.1
12.8.2
12.8.4
12.10.6
SCF
IRO-02
IRO-10
IRO-10.4
SP 800-171 Rev 3
03.06.01
03.06.02
03.17.03
SP 800-53 Rev 5.1.1
IR-04
IR-06
IR-07
SR-03
SR-08
SP 800-53 Rev 5.2.0
IR-04
IR-06
IR-07
SR-03
SR-08
Ask AI
Configure your API key to use AI features.