CAF Outcome D2.a: Incident Root Cause Analysis
From the UK NCSC's Cyber Assessment Framework (version 3.1):
When an incident occurs, steps must be taken to understand its root causes and ensure appropriate remediating action is taken.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
NCSC CAF Mapped to NIST CSF
D2.a: Incident Root Cause Analysis to CSF mappings generated from UK Cabinet Office table.
| Control ID | Description |
|---|---|
| DE.DP-5 | Detection processes are continuously improved |
| DE.AE-3 | Event data are collected and correlated from multiple sources and sensors |
| RS.AN-2 | The impact of the incident is understood |
| RS.IM-1 | Response plans incorporate lessons learned |
| DE.AE-2 | Detected events are analyzed to understand attack targets and methods |
| RS.CO-3 | Information is shared consistent with response plans |
| DE.DP-4 | Event detection information is communicated |
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.
-
Document the details of incidents (4.3.4.5.8)
ISA/IEC 62443-2-1:2009
Related ISO 27001 Controls
Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.
-
Learning from information security incidents (16.1.6)
ISO 27001:2013 -
Collection of evidence (16.1.7)
ISO 27001:2013
Related SP800-53 Controls
Generated from NISTs SP800-53/CSF Crosswalk mappings.