DE.AE-08
Incidents are declared when adverse events meet the defined incident criteria
Implementation examples
- Ex1: Apply incident criteria to known and assumed characteristics of activity in order to determine whether an incident should be declared
- Ex2: Take known false positives into account when applying incident criteria
Mapped NIST 800-53 r5 controls (2)
Mapped CWE weaknesses (2)
Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.
All informative references (30)
- CCMv4.0: LOG-03
- CCMv4.0: LOG-05
- CCMv4.0: SEF-02
- CCMv4.0: SEF-06
- CCMv4.0: SEF-07
- CRI Profile v2.0: DE.AE-08
- CRI Profile v2.0: DE.AE-08.01
- CSF v1.1: DE.AE-5
- Guardian-SDK: GS-PF-01
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 5.25
- ISO/IEC 27001:2022: Annex A Controls: 5.26
- NICE Framework: IO-WRL-006
- NICE Framework: OG-WRL-007
- NICE Framework: OG-WRL-010
- NICE Framework: PD-WRL-001
- NICE Framework: PD-WRL-003
- NICE Framework: PD-WRL-006
- PCI DSS: 12.10.1
- PCI DSS: 12.10.2
- PCI DSS: 12.10.4
- SCF: IRO-02
- SCF: IRO-02.4
- SDOS: SDOS-AU-02
- SDOS: SDOS-RS-01
- SP 800-171 Rev 3: 03.06.05
- SP 800-53 Rev 5.1.1: IR-04
- SP 800-53 Rev 5.1.1: IR-08
- SP 800-53 Rev 5.2.0: IR-04
- SP 800-53 Rev 5.2.0: IR-08
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).