ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties
Ex1: Identify improvements for future incident response activities based on findings from incident response assessments (e.g., tabletop exercises and simulations, tests, internal reviews, independent audits)
Ex2: Identify improvements for future business continuity, disaster recovery, and incident response activities based on exercises performed in coordination with critical service providers and product suppliers
Ex3: Involve internal stakeholders (e.g., senior executives, legal department, HR) in security tests and exercises as appropriate
Ex4: Perform penetration testing to identify opportunities to improve the security posture of selected high-risk systems as approved by leadership
Ex5: Exercise contingency plans for responding to and recovering from the discovery that products or services did not originate with the contracted supplier or partner or were altered before receipt
Ex6: Collect and analyze performance metrics using security tools and services to inform improvements to the cybersecurity program