IRO

Incident Response

41 controls

Maintain a viable incident response capability that trains personnel on how to recognize and report suspicious activities so that trained incident responders can take the appropriate steps to handle incidents, in accordance with a documented Incident Response Plan (IRP).

| SCF # | Control Name | Weight | NIST CSF | Frameworks |
|---|---|---|---|---|
| IRO-01 | Incident Response Operations | 9 — Critical | Govern | 123 |
| IRO-02 | Incident Handling | 10 — Critical | Respond | 125 |
| IRO-02.1 | Automated Incident Handling Processes | 1 — Low | Respond | 26 |
| IRO-02.2 | Insider Threat Response Capability | 5 — Medium | Protect | 17 |
| IRO-02.3 | Dynamic Reconfiguration | 5 — Medium | Respond | 9 |
| IRO-02.4 | Incident Classification & Prioritization | 5 — Medium | Respond | 24 |
| IRO-02.5 | Correlation with External Organizations | 5 — Medium | Respond | 17 |
| IRO-02.6 | Automatic Disabling of Technology Assets, Applications and/or Services (TAAS) | 6 — Medium | Respond | 6 |
| IRO-03 | Indicators of Compromise (IOC) | 8 — High | Respond | 26 |
| IRO-04 | Incident Response Plan (IRP) | 9 — Critical | Respond | 124 |
| IRO-04.1 | Data Breach | 8 — High | Respond | 39 |
| IRO-04.2 | IRP Update | 8 — High | Respond | 61 |
| IRO-04.3 | Continuous Incident Response Improvements | 3 — Low | Identify | 8 |
| IRO-05 | Incident Response Training | 9 — Critical | Respond | 60 |
| IRO-05.1 | Simulated Incidents | 5 — Medium | Respond | 16 |
| IRO-05.2 | Automated Incident Response Training Environments | 5 — Medium | Respond | 10 |
| IRO-06 | Incident Response Testing | 9 — Critical | Respond | 62 |
| IRO-06.1 | Coordination with Related Plans | 7 — High | Protect | 35 |
| IRO-07 | Integrated Security Incident Response Team (ISIRT) | 9 — Critical | Respond | 58 |
| IRO-08 | Chain of Custody & Forensics | 9 — Critical | Respond | 35 |
| IRO-09 | Situational Awareness For Incidents | 8 — High | Detect | 86 |
| IRO-09.1 | Automated Tracking, Data Collection & Analysis | 1 — Low | Detect | 11 |
| IRO-09.2 | Recurring Incident Analysis | 5 — Medium | Identify | 1 |
| IRO-10 | Incident Stakeholder Reporting | 9 — Critical | Respond | 126 |
| IRO-10.1 | Automated Reporting | 9 — Critical | Detect | 22 |
| IRO-10.2 | Cyber Incident Reporting for Sensitive / Regulated Data | 9 — Critical | Detect | 44 |
| IRO-10.3 | Vulnerabilities Related To Incidents | 8 — High | Respond | 10 |
| IRO-10.4 | Supply Chain Coordination | 7 — High | Respond | 34 |
| IRO-10.5 | Serious Incident Reporting | 5 — Medium | Identify | 2 |
| IRO-11 | Incident Reporting Assistance | 5 — Medium | Respond | 44 |
| IRO-11.1 | Automation Support of Availability of Information / Support | 1 — Low | Respond | 20 |
| IRO-11.2 | Coordination With External Providers | 5 — Medium | Respond | 23 |
| IRO-12 | Sensitive / Regulated Data Spill Response | 8 — High | Respond | 38 |
| IRO-12.1 | Sensitive / Regulated Data Spill Responsible Personnel | 8 — High | Respond | 15 |
| IRO-12.2 | Sensitive / Regulated Data Spill Training | 8 — High | Respond | 12 |
| IRO-12.3 | Post-Sensitive / Regulated Data Spill Operations | 8 — High | Respond | 18 |
| IRO-12.4 | Sensitive / Regulated Data Exposure to Unauthorized Personnel | 8 — High | Respond | 14 |
| IRO-13 | Root Cause Analysis (RCA) & Lessons Learned | 8 — High | Respond | 91 |
| IRO-14 | Regulatory & Law Enforcement Contacts | 9 — Critical | Identify | 54 |
| IRO-15 | Detonation Chambers (Sandboxes) | 5 — Medium | Respond | 17 |
| IRO-16 | Public Relations & Reputation Repair | 6 — Medium | Recover | 11 |

The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.
