STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

IR-3

Incident ResponseRev 5organization

Incident Response Testing

Baselines:ModerateHighPrivacy

Control Statement

Test the effectiveness of the incident response capability for the system [Assignment: frequency] using the following tests: [Assignment: tests].

Supplemental Guidance

Organizations test incident response capabilities to determine their effectiveness and identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, and simulations (parallel or full interrupt). Incident response testing can include a determination of the effects on organizational operations and assets and individuals due to incident response. The use of qualitative and quantitative data aids in determining the effectiveness of incident response processes.

Related Controls (6)

CP-3CP-4IR-2IR-4IR-8PM-14

CCI Identifiers (4)

CCI-000818Test the effectiveness of the incident response capability for the system on an organization-defined frequency using organization-defined tests.CCI-000819Defines a frequency for incident response tests.CCI-000820Defines tests for incident response.CCI-001624The organization documents the results of incident response tests.

Linked STIG Checks (0)

No STIG checks reference this control.