Incident Response Plan
a. Develop an incident response plan that:
   1. Provides the organization with a roadmap for implementing its incident response capability;
   2. Describes the structure and organization of the incident response capability;
   3. Provides a high-level approach for how the incident response capability fits into the overall organization;
   4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
   5. Defines reportable incidents;
   6. Provides metrics for measuring the incident response capability within the organization;
   7. Defines the resources and management support needed to effectively maintain and mature an incident response capability;
   8. Addresses the sharing of incident information;
   9. Is reviewed and approved by [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]; and
   10. Explicitly designates responsibility for incident response to [Assignment: organization-defined entities, personnel, or roles].
b. Distribute copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];
c. Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing;
d. Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and
e. Protect the incident response plan from unauthorized disclosure and modification.
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- CIS Framework Controls V8