FedRAMP Controls / IR
IR-4(1) Automated Incident Handling Processes
Family IR
Baselines moderate
Mapped KSIs 5
Control statement
Support the incident handling process using {{ insert: param, ir-04.01_odp }}. Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is
preserved in the catalog database.
Covered by these Key Security Indicators
| KSI | Title | Category |
|---|---|---|
| KSI-AFR-04 | Vulnerability Detection and Response Document the vulnerability detection and vulnerability response methodology used within the cloud service offering in alignment with the FedRAMP Vulnerability Detection and Response (VDR) process and persistently address all related requirements and recommendations. | Authorization by FedRAMP |
| KSI-INR-01 | Incident Response Procedures _Persistently_ review the effectiveness of documented incident response procedures. | Incident Response |
| KSI-INR-02 | Incident Review _Persistently_ review past incidents for patterns or _vulnerabilities_. | Incident Response |
| KSI-INR-03 | Incident After Action Reports Generate incident after action reports and _persistently_ incorporate lessons learned. | Incident Response |
| KSI-MLA-01 | Security Information and Event Management (SIEM) Operate a Security Information and Event Management (SIEM) or similar system(s) for centralized, tamper-resistent logging of events, activities, and changes. | Monitoring, Logging, and Auditing |