Security Requirements for 03.06.05 Incident Response Plan

It is important that organizations develop and implement a coordinated approach to incident response. Organizational mission and business functions determine the structure of incident response capabilities. As part of the incident response capabilities, organizations consider the coordination and sharing of information with external organizations, including external service providers and other organizations involved in the supply chain.

View CPRT 03.06.05

  1. 03.06.05.a

    Develop an incident response plan that:

  2. 03.06.05.a.01

    Provides the organization with a roadmap for implementing its incident response capability,

  3. 03.06.05.a.02

    Describes the structure and organization of the incident response capability,

  4. 03.06.05.a.03

    Provides a high-level approach for how the incident response capability fits into the overall organization,

  5. 03.06.05.a.04

    Defines reportable incidents,

  6. 03.06.05.a.05

    Addresses the sharing of incident information, and

  7. 03.06.05.a.06

    Designates responsibilities to organizational entities, personnel, or roles.

  1. 03.06.05.b

    Distribute copies of the incident response plan to designated incident response personnel (identified by name and/or by role) and organizational elements.

  1. 03.06.05.c

    Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing.

  1. 03.06.05.d

    Protect the incident response plan from unauthorized disclosure.