RS.AN-06:

Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved

Implementation Examples

Ex1:

Require each incident responder and others (e.g., system administrators, cybersecurity engineers) who perform incident response tasks to record their actions and make the record immutable

Ex2:

Require the incident lead to document the incident in detail and be responsible for preserving the integrity of the documentation and the sources of all information being reported

Frameworks and Controls

NIST Cybersecurity Framework V2.0

GV: Govern
ID: Identify
PR: Protect
DE: Detect
RS: Respond
RC: Recover

CMMC Level 1

NIST SP 800-171
- CMMC Level 2 - NIST SP 800-171 r2
CMMC Level 3

RS.AN-06:

Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved

Implementation Examples

Ex1:

Ex2:

Peaches.Cloud

Quick Links

Contact

Support Our Research