Overview
  1. 03.01: Access Control
  2. 03.02: Awareness and Training
  3. 03.03: Audit and Accountability
  4. 03.04: Configuration Management
  5. 03.05: Identification and Authentication
  6. 03.06: Incident Response
  7. 03.07: Maintenance
  8. 03.08: Media Protection
  9. 03.09: Personnel Security
  10. 03.10: Physical Protection
  11. 03.11: Risk Assessment
  12. 03.12: Security Assessment
  13. 03.13: System and Communications Protection
  14. 03.14: System and Information Integrity

Security Requirements for 03.06.03 Incident Response Testing

Organizations test incident response capabilities to determine the effectiveness of the capabilities and to identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, simulations (both parallel and full interrupt), and comprehensive exercises. Incident response testing can also include a determination of the effects on organizational operations (e.g., reduction in mission capabilities), organizational assets, and individuals due to incident response.[SP 800-84] provides guidance on testing programs for information technology capabilities.

Evidence

  1. 03.06.03.a

    The incident response capability is tested