NIST CSF: RS.AN-3 Subcategory

From NIST's Cyber Security Framework (version 1):

Forensics are performed

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Node
AU-7: Audit Record Reduction and Report Generation
IR-4: Incident Handling

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Collection of evidence (16.1.7)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Non-repudiation (SR 2.12)
    ISA/IEC 62443-3-3:2013
  • Audit log accessibility (SR 6.1)
    ISA/IEC 62443-3-3:2013
  • Audit storage capacity (SR 2.9)
    ISA/IEC 62443-3-3:2013
  • Protection of audit information (SR 3.9)
    ISA/IEC 62443-3-3:2013
  • Response to audit processing failures (SR 2.10)
    ISA/IEC 62443-3-3:2013
  • Auditable events (SR 2.8)
    ISA/IEC 62443-3-3:2013
  • Timestamps (SR 2.11)
    ISA/IEC 62443-3-3:2013

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
D1.b Response and Recovery Capability You have the capability to enact your incident response plan, including effective limitation of impact on the operation of your essential function. During an incident, you have access to timely information on which to base your response decisions.