Forensics
Conduct forensic analysis to determine incident scope.
9 of 9 frameworks cover this control
Framework Mappings
How Forensics maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | RS.AN-03 |
| ISO 27001 | Covered | A.5.28 |
| CIS v8 | Covered | CIS 17.6 |
| SOC 2 | Covered | CC7.4 |
| PCI DSS | Covered | 12.10.5 |
| CMMC | Covered | IR.L2-3.6.1 |
| 800-53 | Covered | IR-4, AU-7 |
| HIPAA | Covered | §164.308(a)(6)(ii) |
| GDPR | Covered | Art.33(3) |
About Forensics
Forensics is a cybersecurity control in the Respond domain. Digital forensics involves the systematic collection, preservation, analysis, and documentation of digital evidence to determine the root cause, scope, and impact of a cybersecurity incident. Forensic readiness requires maintaining adequate logging, deploying endpoint detection tools that preserve forensic artifacts, and establishing chain-of-custody procedures that ensure evidence admissibility in legal proceedings. Organizations should either maintain in-house forensic capabilities or keep a third-party forensic firm on retainer to ensure rapid response when incidents require detailed investigation.
This control is recognized by 9 of the 9 tracked frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.