03.06.03: Incident Response Testing
Control Familly: Incident Response
SPRS: N/A
Top Ten Failed Requirement: N/A
Supporting Publications:
SP 800-84 [48]
Referenced in: N/A
Control Type: N/A
CPCSC Level 2: 03.06.03
CMMC Level(s): N/A
Derived From: NIST SP 800-53r5
IR-03
Test the effectiveness of the incident response capability [Assignment: organizationdefined frequency].
Discussion:
Organizations test incident response capabilities to determine their effectiveness and identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, and simulations. Incident response testing can include a determination of the effects of incident response on organizational operations, organizational assets, and individuals. Qualitative and quantitative data can help determine the effectiveness of incident response processes.
Assessment Methods and Objectives
Examine [SELECT FROM: incident response policy and procedures; contingency planning policy and procedures; procedures for incident response testing; procedures for contingency plan testing; incident response testing material; incident response test results; incident response test plan; incident response plan; contingency plan; system security plan; other relevant documents or records]
Interview [SELECT FROM: personnel with incident response testing responsibilities; personnel with information security responsibilities]
NIST SP 800-171A r3 Determining Statements Determine if:
A.03.06.03.ODP[01]: the frequency at which to test the effectiveness of the incident response capability for the system is defined.
A.03.06.03: the effectiveness of the incident response capability is tested <A.03.06.03.ODP[01]: frequency>.