CAF Outcome D1.c: Testing and Exercising
From the UK NCSC's Cyber Assessment Framework (version 3.1):
Your organisation carries out exercises to test response plans, using past incidents that affected your (and other) organisation, and scenarios that draw on threat intelligence and your risk assessment.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
NCSC CAF Mapped to NIST CSF
D1.c: Testing and Exercising to CSF mappings generated from UK Cabinet Office table.
| Control ID | Description |
|---|---|
| ID.SC-5 | Response and recovery planning and testing are conducted with suppliers and third-party providers |
| RC.IM-2 | Recovery strategies are updated |
| RC.IM-1 | Recovery plans incorporate lessons learned |
| PR.IP-4 | Backups of information are conducted, maintained, and tested |
| PR.IP-10 | Response and recovery plans are tested |
ATT&CK Mitigations
MITRE ATT&CK mitigations which map to this CAF outcome, based on mappings by Ofgem.
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.
-
Conduct drills (4.3.4.5.11)
ISA/IEC 62443-2-1:2009
Related SP800-53 Controls
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on the above mappings to ATT&CK mitigations by Ofgem.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1656 | Impersonation | Defense Evasion |
| T1210 | Exploitation of Remote Services | Lateral Movement |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1212 | Exploitation for Credential Access | Credential Access |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |