Incident Response
Establish and execute incident response processes.
9 of 9 frameworks cover this control
Framework Mappings
How Incident Response maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | RS.MA-01 RS.MA-02 |
| ISO 27001 | Covered | A.5.24 A.5.25 A.5.26 |
| CIS v8 | Covered | CIS 17.1 CIS 17.2 CIS 17.3 |
| SOC 2 | Covered | CC7.3 CC7.4 CC7.5 |
| PCI DSS | Covered | 12.10.1 12.10.2 12.10.3 |
| CMMC | Covered | IR.L2-3.6.1 IR.L2-3.6.2 |
| 800-53 | Covered | IR-1 IR-4 IR-5 IR-6 |
| HIPAA | Covered | §164.308(a)(6)(i) §164.308(a)(6)(ii) |
| GDPR | Covered | Art.33(1) Art.33(2) |
About Incident Response
Incident Response is a cybersecurity control in the Respond domain: establish and execute incident response processes. An incident response program provides the structured processes and procedures an organization follows to detect, contain, eradicate, and recover from cybersecurity incidents. The incident response plan should define severity levels, roles and responsibilities, communication protocols, escalation procedures, and integration with legal, communications, and executive teams. Regular tabletop exercises and simulated incident drills test the plan's effectiveness, identify gaps, and ensure team members can execute their responsibilities under pressure when a real incident occurs.
This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.