IR — INCIDENT RESPONSE
FedRAMP Baseline Membership IR-7:
Use the FedRAMP Control Membership information above to determine if a control or control enhancement is required for each Impact Baseline — LOW, MODERATE, or HIGH
Click on the panel below each control or control enhancement to review the FedRAMP Impact Baseline-specific control configuration requirements for each of the [BRACKETS] in each control and/or control enhancement.
Review and use Additional Requirements and Guidance to build FedRAMP-compliant controls for your risk-based cybersecurity program.
To change the baseline view in the panel, click on LOW, MODERATE, or HIGH when the panel is open
Panels only appear where there are [BRACKETS] in the control or enhancement or where there is FedRAMP-specific requirements or guidance available.
IR-7: INCIDENT RESPONSE ASSISTANCE
The organization provides an incident response support resource, integral to the organizational incident response capability that offers advice and assistance to users of the information system for the handling and reporting of security incidents.
Incident response support resources provided by organizations include, for example, help desks, assistance groups, and access to forensics services, when required.
RELATED CONTROLS: IR-7
IR-7 (1) INCIDENT RESPONSE ASSISTANCE | AUTOMATION SUPPORT FOR AVAILABILITY OF INFORMATION / SUPPORT
FedRAMP Baseline Membership IR-7 (1):
The organization employs automated mechanisms to increase the availability of incident response-related information and support.
Automated mechanisms can provide a push and/or pull capability for users to obtain incident response assistance. For example, individuals might have access to a website to query the assistance capability, or conversely, the assistance capability may have the ability to proactively send information to users (general distribution or targeted) as part of increasing understanding of current response capabilities and support.
IR-7 (2) INCIDENT RESPONSE ASSISTANCE | COORDINATION WITH EXTERNAL PROVIDERS
FedRAMP Baseline Membership IR-7 (2):
- (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and
- (b) Identifies organizational incident response team members to the external providers.
External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks.
- NO REFERENCES