CAF Outcome D1.a: Response Plan

From the UK NCSC's Cyber Assessment Framework (version 3.1):

You have an up-to-date incident response plan that is grounded in a thorough risk assessment that takes account of your essential function and covers a range of incident scenarios.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

NCSC CAF Mapped to NIST CSF

D1.a: Response Plan to CSF mappings generated from UK Cabinet Office table.

Search:

Control ID	Description
PR.IP-9	Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
RS.AN-4	Incidents are categorized consistent with response plans
RS.CO-3	Information is shared consistent with response plans
RC.CO-3	Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
ID.GV-2	Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
ID.SC-5	Response and recovery planning and testing are conducted with suppliers and third-party providers
RS.CO-4	Coordination with stakeholders occurs consistent with response plans
RC.RP-1	Recovery plan is executed during or after a cybersecurity incident
DE.AE-2	Detected events are analyzed to understand attack targets and methods
RS.CO-1	Personnel know their roles and order of operations when a response is needed

Showing 1 to 10 of 10 entries

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.

Communicate the incident response plan (4.3.4.5.2)
ISA/IEC 62443-2-1:2009
Identify and respond to incidents (4.3.4.5.6)
ISA/IEC 62443-2-1:2009
Implement an incident response plan (4.3.4.5.1)
ISA/IEC 62443-2-1:2009

Related ISO 27001 Controls

Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.

Response to information security incidents (16.1.5)
ISO 27001:2013
Responsibilities and procedures (16.1.1)
ISO 27001:2013

Related SP800-53 Controls

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Node
IR-8: Incident Response Plan
CP-2: Contingency Plan
PE-17: Alternate Work Site
IR-7: Incident Response Assistance
CP-7: Alternate Processing Site
CP-13: Alternative Security Mechanisms
CP-12: Safe Mode
IR-9: Information Spillage Response
IR-5: Incident Monitoring
IR-4: Incident Handling
RA-5: Vulnerability Monitoring and Scanning
CA-2: Control Assessments
PE-6: Monitoring Physical Access
CA-7: Continuous Monitoring
SI-4: System Monitoring
PS-7: External Personnel Security
PM-2: Information Security Program Leadership Role
PM-1: Information Security Program Plan
IR-3: Incident Response Testing
IR-6: Incident Reporting
CP-4: Contingency Plan Testing
CP-10: System Recovery and Reconstitution
AU-6: Audit Record Review, Analysis, and Reporting
CP-3: Contingency Training

Showing 1 to 24 of 24 entries

CAF Outcome D1.a: Response Plan

Cyber Threat Graph Context

NCSC CAF Mapped to NIST CSF

Related ISA/IEC 62443 Controls

Communicate the incident response plan (4.3.4.5.2)

Identify and respond to incidents (4.3.4.5.6)

Implement an incident response plan (4.3.4.5.1)

Related ISO 27001 Controls

Response to information security incidents (16.1.5)

Responsibilities and procedures (16.1.1)

Related SP800-53 Controls