CAF Outcome D1.a: Response Plan

From the UK NCSC's Cyber Assessment Framework (version 3.1):

You have an up-to-date incident response plan that is grounded in a thorough risk assessment that takes account of your essential function and covers a range of incident scenarios.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

NCSC CAF Mapped to NIST CSF

D1.a: Response Plan to CSF mappings generated from UK Cabinet Office table.

Control ID Description
PR.IP-9 Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
RS.AN-4 Incidents are categorized consistent with response plans
RS.CO-3 Information is shared consistent with response plans
RC.CO-3 Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
ID.GV-2 Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
ID.SC-5 Response and recovery planning and testing are conducted with suppliers and third-party providers
RS.CO-4 Coordination with stakeholders occurs consistent with response plans
RC.RP-1 Recovery plan is executed during or after a cybersecurity incident
DE.AE-2 Detected events are analyzed to understand attack targets and methods
RS.CO-1 Personnel know their roles and order of operations when a response is needed

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.

  • Communicate the incident response plan (4.3.4.5.2)
    ISA/IEC 62443-2-1:2009
  • Identify and respond to incidents (4.3.4.5.6)
    ISA/IEC 62443-2-1:2009
  • Implement an incident response plan (4.3.4.5.1)
    ISA/IEC 62443-2-1:2009

Related ISO 27001 Controls

Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.

  • Response to information security incidents (16.1.5)
    ISO 27001:2013
  • Responsibilities and procedures (16.1.1)
    ISO 27001:2013

Related SP800-53 Controls

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Node
IR-8: Incident Response Plan
CP-2: Contingency Plan
PE-17: Alternate Work Site
IR-7: Incident Response Assistance
CP-7: Alternate Processing Site
CP-13: Alternative Security Mechanisms
CP-12: Safe Mode
IR-9: Information Spillage Response
IR-5: Incident Monitoring
IR-4: Incident Handling
RA-5: Vulnerability Monitoring and Scanning
CA-2: Control Assessments
PE-6: Monitoring Physical Access
CA-7: Continuous Monitoring
SI-4: System Monitoring
PS-7: External Personnel Security
PM-2: Information Security Program Leadership Role
PM-1: Information Security Program Plan
IR-3: Incident Response Testing
IR-6: Incident Reporting
CP-4: Contingency Plan Testing
CP-10: System Recovery and Reconstitution
AU-6: Audit Record Review, Analysis, and Reporting
CP-3: Contingency Training