IR-5: Incident Monitoring

From NIST's SP800-53:

Track and document incidents.

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Control ID | Description
RS.AN-1 | Notifications from detection systems are investigated
RS.AN-4 | Incidents are categorized consistent with response plans
DE.AE-5 | Incident alert thresholds are established
DE.AE-3 | Event data are collected and correlated from multiple sources and sensors

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

ATT&CK ID | Title | Associated Tactics
T1564.008 | Email Hiding Rules | Defense Evasion