STIGhub — A free STIG search and compliance tool · STIGs updated 3 days ago

IR-8

Incident Response · Rev 5 · organization

Incident Response Plan

Baselines: Low, Moderate, High, Privacy

Control Statement

a. Develop an incident response plan that:
   1. Provides the organization with a roadmap for implementing its incident response capability;
   2. Describes the structure and organization of the incident response capability;
   3. Provides a high-level approach for how the incident response capability fits into the overall organization;
   4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
   5. Defines reportable incidents;
   6. Provides metrics for measuring the incident response capability within the organization;
   7. Defines the resources and management support needed to effectively maintain and mature an incident response capability;
   8. Addresses the sharing of incident information;
   9. Is reviewed and approved by [Assignment: personnel or roles] [Assignment: frequency]; and
   10. Explicitly designates responsibility for incident response to [Assignment: entities, personnel, or roles].
b. Distribute copies of the incident response plan to [Assignment: incident response personnel];
c. Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing;
d. Communicate incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and
e. Protect the incident response plan from unauthorized disclosure and modification.

Supplemental Guidance

It is important that organizations develop and implement a coordinated approach to incident response. Organizational mission and business functions determine the structure of incident response capabilities. As part of the incident response capabilities, organizations consider the coordination and sharing of information with external organizations, including external service providers and other organizations involved in the supply chain. For incidents involving personally identifiable information (i.e., breaches), include a process to determine whether notice to oversight organizations or affected individuals is appropriate and provide that notice accordingly.

Related Controls (11)

AC-2, CP-2, CP-4, IR-4, IR-7, IR-9, PE-6, PL-2, SA-15, SI-12, SR-8

CCI Identifiers (22)

CCI-000844: Develop an incident response plan that is reviewed and approved by organization-defined personnel or roles on an organization-defined frequency.
CCI-000845: Defines incident response personnel (identified by name and/or by role) and organizational elements to whom copies of the incident response plan are distributed.
CCI-000846: Distributes copies of the incident response plan to organization-defined incident response personnel (identified by name and/or by role) and organizational elements.
CCI-000847: The organization defines the frequency for reviewing the incident response plan.
CCI-000848: The organization reviews the incident response plan on an organization-defined frequency.
CCI-002802: Defines personnel or roles to review and approve the incident response plan.
CCI-002801: Develop an incident response plan that defines the resources and management support needed to effectively maintain and mature an incident response capability.
CCI-002803: Defines incident response personnel (identified by name and/or by role) and organizational elements to whom incident response plan changes will be communicated.
CCI-000849: Update the incident response plan to address system and organizational changes or problems encountered during plan implementation, execution, or testing.
CCI-000850: Communicate incident response plan changes to organization-defined incident response personnel (identified by name and/or by role) and organizational elements.
CCI-002795: Develop an incident response plan that provides the organization with a roadmap for implementing its incident response capability.
CCI-002796: Develop an incident response plan that describes the structure and organization of the incident response capability.
CCI-002797: Develop an incident response plan that provides a high-level approach for how the incident response capability fits into the overall organization.
CCI-002798: Develop an incident response plan that meets the unique requirements of the organization, which relate to mission, size, structure, and functions.
CCI-002800: Develop an incident response plan that provides metrics for measuring the incident response capability within the organization.
CCI-000843: The organization develops an incident response plan that provides the organization with a roadmap for implementing its incident response capability; describes the structure and organization of the incident response capability; provides a high-level approach for how the incident response capability fits into the overall organization; meets the unique requirements of the organization, which relate to mission, size, structure, and functions; defines reportable incidents; provides metrics for measuring the incident response capability within the organization; and defines the resources and management support needed to effectively maintain and mature an incident response capability.
CCI-002799: Develop an incident response plan that defines reportable incidents.
CCI-002804: Protect the incident response plan from unauthorized disclosure and modification.
CCI-002794: Develop an incident response plan.
CCI-004157: Develop an incident response plan that addresses the sharing of incident information.
CCI-004158: Defines the frequency organization-defined personnel or roles will review and approve the incident response plan.
CCI-004159: Develop an incident response plan that explicitly designates responsibility for incident response to organization-defined entities, personnel, or roles.

Linked STIG Checks (0)

No STIG checks reference this control.