IR-7: INCIDENT RESPONSE ASSISTANCE

TAILORED FOR INDUSTRIAL CONTROL SYSTEMS

ICS Control Baselines:
Low
Moderate
High

The organization provides an incident response support resource, integral to the organizational incident response capability that offers advice and assistance to users of the information system for the handling and reporting of security incidents.

SUPPLEMENTAL GUIDANCE

Incident response support resources provided by organizations include, for example, help desks, assistance groups, and access to forensics services, when required.

ICS SUPPLEMENTAL GUIDANCE

No ICS Supplemental Guidance.

CONTROL ENHANCEMENTS

IR-7 (1) INCIDENT RESPONSE ASSISTANCE | AUTOMATION SUPPORT FOR AVAILABILITY OF INFORMATION / SUPPORT

ICS Control Baselines:
Moderate
High

The organization employs automated mechanisms to increase the availability of incident response-related information and support.

Supplemental Guidance:

Automated mechanisms can provide a push and/or pull capability for users to obtain incident response assistance. For example, individuals might have access to a website to query the assistance capability, or conversely, the assistance capability may have the ability to proactively send information to users (general distribution or targeted) as part of increasing understanding of current response capabilities and support.

No ICS Supplemental Guidance.

IR-7 (2) INCIDENT RESPONSE ASSISTANCE | COORDINATION WITH EXTERNAL PROVIDERS

NOT SELECTED FOR THE NIST ISC CONTROL SET

The organization:

(a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and
(b) Identifies organizational incident response team members to the external providers.