Communication
Coordinate communication during and after incidents.
9 of 9 frameworks cover this control
Framework Mappings
How Communication maps to each of the 6 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | RS.CO-02 RS.CO-03 |
| ISO 27001 | Covered | A.5.5 A.5.6 A.5.26 |
| CIS v8 | Covered | CIS 17.2 |
| SOC 2 | Covered | CC2.3 CC7.4 |
| PCI DSS | Covered | 12.10.1 12.10.6 |
| CMMC | Covered | IR.L2-3.6.2 |
| 800-53 | Covered | IR-6 IR-7 |
| HIPAA | Covered | §164.308(a)(6)(ii) §164.404(a)(1) |
| GDPR | Covered | Art.33(1) Art.34(1) |
About Communication
Communication is a cybersecurity control in the Respond domain that coordinates communication during and after incidents. Incident communication ensures that all stakeholders, including internal teams, executive leadership, customers, regulators, and law enforcement, receive timely and accurate information during and after a cybersecurity incident. Pre-established communication plans should define notification thresholds, spokesperson roles, approved communication channels, and template messages for different incident types and audiences. Regulatory requirements such as GDPR's 72-hour breach notification, SEC disclosure rules, and state breach notification laws make structured communication planning a legal necessity rather than just a best practice.
This control is recognized by 9 of the 6 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all tracked frameworks.