IR-4

Incident Handling

Incident Response

The organization implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery.

High Priority | AI-Relevant Control

Purpose

Effectively respond to and recover from security incidents.

AI Relevance

Essential for responding to AI security incidents, model attacks, data breaches, and AI system compromises.

Implementation Guidance

Establish incident response procedures, train incident response teams, implement incident detection tools, and maintain incident response documentation.

Assessment

Test incident response procedures, conduct incident response exercises, review incident reports, and validate incident handling capabilities.

Requirements

  • 1. Implement an incident handling capability for security incidents
  • 2. Include preparation in the incident handling capability
  • 3. Include detection and analysis in the incident handling capability
  • 4. Include containment in the incident handling capability
  • 5. Include eradication in the incident handling capability
  • 6. Include recovery in the incident handling capability
  • 7. Coordinate incident handling activities with contingency planning activities
  • 8. Coordinate incident handling activities with business continuity planning activities
  • 9. Coordinate incident handling activities with disaster recovery planning activities
  • 10. Coordinate incident handling activities with crisis management activities

Framework Context

NIST 800-53 Rev 5

Security and Privacy Controls for Federal Information Systems


NIST AI RMF

AI Risk Management Framework


OWASP AISVS

AI Security Verification Standard
