RS.MA-03
Incidents are categorized and prioritized
Implementation examples
- Ex1: Further review and categorize incidents based on the type of incident (e.g., data breach, ransomware, DDoS, account compromise)
- Ex2: Prioritize incidents based on their scope, likely impact, and time-critical nature
- Ex3: Select incident response strategies for active incidents by balancing the need to quickly recover from an incident with the need to observe the attacker or conduct a more thorough investigation
Mapped NIST 800-53 r5 controls (3)
Mapped CWE weaknesses (2)
Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.
All informative references (31)
- CCMv4.0: SEF-02
- CCMv4.0: SEF-06
- CRI Profile v2.0: RS.MA-03
- CRI Profile v2.0: RS.MA-03.01
- CSF v1.1: RS.AN-4
- CSF v1.1: RS.AN-2
- Guardian-SDK: GS-PF-04
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 5.25
- NICE Framework: IO-WRL-005
- NICE Framework: IO-WRL-006
- NICE Framework: IO-WRL-007
- NICE Framework: PD-WRL-001
- NICE Framework: PD-WRL-002
- NICE Framework: PD-WRL-003
- NICE Framework: PD-WRL-006
- PCI DSS: 12.10.1
- PCI DSS: 10.4.1
- PCI DSS: 12.10.2
- PCI DSS: 12.10.6
- SCF: IRO-02.4
- SDOS: SDOS-AU-01
- SDOS: SDOS-RM-01
- SP 800-171 Rev 3: 03.06.01
- SP 800-171 Rev 3: 03.06.02
- SP 800-53 Rev 5.1.1: IR-04
- SP 800-53 Rev 5.1.1: IR-05
- SP 800-53 Rev 5.1.1: IR-06
- SP 800-53 Rev 5.2.0: IR-04
- SP 800-53 Rev 5.2.0: IR-05
- SP 800-53 Rev 5.2.0: IR-06
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).