RS.AN-07
Incident data and metadata are collected, and their integrity and provenance are preserved
Implementation examples
- Ex1: Collect, preserve, and safeguard the integrity of all pertinent incident data and metadata (e.g., data source, date/time of collection) based on evidence preservation and chain-of-custody procedures
Mapped NIST 800-53 r5 controls (3)
Mapped CWE weaknesses (2)
Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.
All informative references (33)
- AI-SOC: AI-SOC-23
- AI-SOC: AI-SOC-22
- CRI Profile v2.0: RS.AN-07
- CRI Profile v2.0: RS.AN-07.01
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 5.28
- NICE Framework: IO-WRL-001
- NICE Framework: IO-WRL-002
- NICE Framework: IO-WRL-003
- NICE Framework: IO-WRL-006
- NICE Framework: PD-WRL-002
- NICE Framework: PD-WRL-003
- NICE Framework: PD-WRL-004
- OWASP Top 10 LLM Applications: LLM02-2025
- OWASP Top 10 LLM Applications: LLM04-2025
- PCI DSS: 10.2.1
- PCI DSS: 10.3.2
- PCI DSS: 10.3.3
- PCI DSS: 10.6.1
- PCI DSS: 10.2.2
- SCF: IRO-08
- SDOS: SDOS-AU-01
- SDOS: SDOS-AU-03
- SP 800-171 Rev 3: 03.03.06
- SP 800-171 Rev 3: 03.06.01
- SP 800-171 Rev 3: 03.06.02
- SP 800-53 Rev 5.1.1: AU-07
- SP 800-53 Rev 5.1.1: IR-04
- SP 800-53 Rev 5.1.1: IR-06
- SP 800-53 Rev 5.2.0: AU-07
- SP 800-53 Rev 5.2.0: IR-04
- SP 800-53 Rev 5.2.0: IR-06
- SP 800-81r3: 2.1.3
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).