SAMMY works best on screens 1024px wide or larger.
Cybersecurity Fundamentals
Browse Cybersecurity...
PR.IP-1 PR.IP-2 PR.IP-3 PR.IP-4 PR.IP-5 PR.IP-6 PR.IP-7 PR.IP-8 PR.IP-9 PR.IP-11 PR.IP-12
Maturity Level 2
Maturity Level 3
PR.IP-9.1
PR.IP-9.1: Incident response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) shall be established, maintained, approved, and tested to determine the effectiveness of the plans, and the readiness to execute the plans.
  • The incident response plan is the documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber-attack.
  • Plans should incorporate recovery objectives, restoration priorities, metrics, contingency roles, personnel assignments and contact information.
  • Maintaining essential functions despite system disruption, and the eventual restoration of the organization’s systems, should be addressed.
  • Consider defining incident types, resources and management support needed to effectively maintain and mature the incident response and contingency capabilities.
Documentation Maturity
Not applicable - Not applicable in the selected scope.
Level 1 - Initial - No Process documentation or not formally approved by management.
Level 2 - Repeatable - Formally approved Process documentation exists but not reviewed in the previous 2 years.
Level 3 - Defined - Formally approved Process documentation exists, and exceptions are documented and approved. Documented and approved exceptions < 5% of the time.
Level 4 - Managed - Formally approved Process documentation exists, and exceptions are documented and approved. Documented and approved exceptions < 3% of the time.
Level 5 - Optimizing - Formally approved Process documentation exists, and exceptions are documented and approved. Documented and approved exceptions < 0,5% of the time.
Implementation Maturity
Not applicable - Not applicable in the selected scope.
Level 1 - Initial - Standard process does not exist.
Level 2 - Repeatable - Ad-hoc process exists and is done informally.
Level 3 - Defined - Formal process exists and is implemented. Evidence available for most activities. Less than 10% process exceptions.
Level 4 - Managed - Formal process exists and is implemented. Evidence available for all activities. Detailed metrics of the process are captured and reported. Minimal target for metrics has been established. Less than 5% of process exceptions.
Level 5 - Optimizing - Formal process exists and is implemented. Evidence available for all activities. Detailed metrics of the process are captured and reported. Minimal target for metrics has been established and continually improving. Less than 1% of process exceptions.
Description

Incident response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) shall be established, maintained, approved, and tested to determine the effectiveness of the plans, and the readiness to execute the plans.