ID.IM-04
Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved
Implementation examples
- Ex1: Establish contingency plans (e.g., incident response, business continuity, disaster recovery) for responding to and recovering from adverse events that can interfere with operations, expose confidential information, or otherwise endanger the organization's mission and viability
- Ex2: Include contact and communication information, processes for handling common scenarios, and criteria for prioritization, escalation, and elevation in all contingency plans
- Ex3: Create a vulnerability management plan to identify and assess all types of vulnerabilities and to prioritize, test, and implement risk responses
- Ex4: Communicate cybersecurity plans (including updates) to those responsible for carrying them out and to affected parties
- Ex5: Review and update all cybersecurity plans annually or when a need for significant improvements is identified
Mapped NIST 800-53 r5 controls (4)
All informative references (57)
- CCMv4.0: BCR-01
- CCMv4.0: BCR-04
- CCMv4.0: BCR-05
- CCMv4.0: BCR-09
- CCMv4.0: CEK-20
- CCMv4.0: SEF-01
- CCMv4.0: SEF-02
- CCMv4.0: SEF-03
- CCMv4.0: SEF-04
- CCMv4.0: SEF-05
- CRI Profile v2.0: ID.IM-04
- CRI Profile v2.0: ID.IM-04.01
- CRI Profile v2.0: ID.IM-04.02
- CRI Profile v2.0: ID.IM-04.03
- CRI Profile v2.0: ID.IM-04.04
- CRI Profile v2.0: ID.IM-04.05
- CRI Profile v2.0: ID.IM-04.06
- CRI Profile v2.0: ID.IM-04.07
- CRI Profile v2.0: ID.IM-04.08
- CSF v1.1: PR.IP-9
- CSF v1.1: RS.IM-1
- CSF v1.1: RC.IM-1
- CSF v1.1: PR.IP-10
- ISO/IEC 27001:2022: Mandatory Clause: 9.1
- ISO/IEC 27001:2022: Annex A Controls: 5.24
- ISO/IEC 27001:2022: Annex A Controls: 5.26
- ISO/IEC 27001:2022: Annex A Controls: 5.27
- NICE Framework: DD-WRL-004
- NICE Framework: DD-WRL-006
- NICE Framework: DD-WRL-007
- NICE Framework: OG-WRL-010
- NICE Framework: OG-WRL-016
- NICE Framework: PD-WRL-003
- OWASP Top 10 LLM Applications: LLM01-2025
- OWASP Top 10 LLM Applications: LLM02-2025
- OWASP Top 10 LLM Applications: LLM04-2025
- PCI DSS: 12.10.1
- PCI DSS: 12.10.2
- PCI DSS: 12.10.6
- PCI DSS: 12.10.3
- SCF: BCD-01
- SCF: BCD-06
- SCF: IRO-04
- SCF: IRO-04.2
- SP 800-171 Rev 3: 03.06.05
- SP 800-171 Rev 3: 03.15.02
- SP 800-171 Rev 3: 03.17.01
- SP 800-221A: MA.RR-4
- SP 800-221A: MA.IM-1
- SP 800-53 Rev 5.1.1: CP-02
- SP 800-53 Rev 5.1.1: IR-08
- SP 800-53 Rev 5.1.1: PL-02
- SP 800-53 Rev 5.1.1: SR-02
- SP 800-53 Rev 5.2.0: CP-02
- SP 800-53 Rev 5.2.0: IR-08
- SP 800-53 Rev 5.2.0: PL-02
- SP 800-53 Rev 5.2.0: SR-02
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).