IR-03 Incident Response Testing And Exercises
Control: The organization tests and/or exercises the incident response capability for the information system [Assignment: organization-defined frequency, at least annually] using [Assignment: organization-defined tests and/or exercises] to determine the incident response effectiveness and documents the results.
Supplemental Guidance: NIST Special Publication 800-84 provides guidance on test, training, and exercise programs for information technology plans and capabilities.
Control Enhancements:
(1) The organization employs automated mechanisms to more thoroughly and effectively test/exercise the incident response capability.
Enhancement Supplemental Guidance: Automated mechanisms can provide the ability to more thoroughly and effectively test or exercise the capability by providing more complete coverage of incident response issues, selecting more realistic test/exercise scenarios and environments, and more effectively stressing the response capability.
Baseline: LOW: Not Selected; MOD: IR-3; HIGH: IR-3 (1)
Family: Incident Response
Class: Operational
ISO 17799 mapping: 14.1.5
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: 12.9.2