RS.MA-01
The incident response plan is executed in coordination with relevant third parties once an incident is declared
Implementation examples
- Ex1: Detection technologies automatically report confirmed incidents
- Ex2: Request incident response assistance from the organization's incident response outsourcer
- Ex3: Designate an incident lead for each incident
- Ex4: Initiate execution of additional cybersecurity plans as needed to support incident response (for example, business continuity and disaster recovery)
Mapped NIST 800-53 r5 controls (5)
All informative references (53)
- AI-SOC: AI-SOC-12
- AI-SOC: AI-SOC-04
- CCMv4.0: BCR-07
- CCMv4.0: IVS-09
- CCMv4.0: SEF-01
- CCMv4.0: SEF-03
- CCMv4.0: SEF-07
- CIS Controls v8.0: 17.4
- CIS Controls v8.1: 17.4
- CRI Profile v2.0: RS.MA-01
- CRI Profile v2.0: RS.MA-01.01
- CSF v1.1: RS.RP-1
- CSF v1.1: RS.CO-4
- CoP: D1
- IRP: IRP-Sec-6
- IRP: IRP-Sec-6
- IRP: IRP-Sec-6
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 5.26
- ISO/IEC 27001:2022: Annex A Controls: 5.27
- ISO/IEC 27001:2022: Annex A Controls: 5.28
- NICE Framework: IO-WRL-005
- NICE Framework: IO-WRL-007
- NICE Framework: OG-WRL-007
- NICE Framework: OG-WRL-010
- NICE Framework: PD-WRL-001
- NICE Framework: PD-WRL-003
- NICE Framework: PD-WRL-004
- OWASP Top 10 LLM Applications: LLM01-2025
- OWASP Top 10 LLM Applications: LLM02-2025
- OWASP Top 10 LLM Applications: LLM04-2025
- PCI DSS: 12.10.1
- PCI DSS: 12.10.3
- PCI DSS: 12.10.2
- PCI DSS: 12.8.2
- SCF: IRO-02
- SCF: IRO-02.5
- SCF: IRO-04
- SCF: IRO-07
- SCF: IRO-10
- SP 800-171 Rev 3: 03.06.02
- SP 800-171 Rev 3: 03.06.05
- SP 800-171 Rev 3: 03.17.03
- SP 800-53 Rev 5.1.1: IR-06
- SP 800-53 Rev 5.1.1: IR-07
- SP 800-53 Rev 5.1.1: IR-08
- SP 800-53 Rev 5.1.1: SR-03
- SP 800-53 Rev 5.1.1: SR-08
- SP 800-53 Rev 5.2.0: IR-06
- SP 800-53 Rev 5.2.0: IR-07
- SP 800-53 Rev 5.2.0: IR-08
- SP 800-53 Rev 5.2.0: SR-03
- SP 800-53 Rev 5.2.0: SR-08
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).