Information Technology Reference
In-Depth Information
Category/
Subcategory/
Element
Control
Reference
Control Summary
Interpretation
IR-5
Incident monitoring
The organization tracks and
documents information system
security incidents on an ongoing
basis.
IR-6
Incident reporting
The organization promptly reports
incident information to
appropriate authorities.
IR-7
Incident response
assistance
The organization provides an
incident response support
resource that offers advice and
assistance to users of the
information system for the
handling and reporting of
security incidents. The support
resource is an integral part of the
organization's incident response
capability.
MA
Maintenance
MA-1
System maintenance
policy and
procedures
The organization develops,
disseminates, and periodically
reviews/updates: (i) a formal,
documented information system
maintenance policy that
addresses purpose, scope, roles,
responsibilities, management
commitment, coordination
among organizational entities,
and compliance; and (ii) formal,
documented procedures to
facilitate the implementation of
the information system
maintenance policy and
associated system maintenance
controls.
MA-2
Controlled
maintenance
The organization schedules,
performs, documents, and reviews
records of routine preventative
and regular maintenance
(including repairs) on the
components of the information
system in accordance with
manufacturer or vendor
specifications and organizational
requirements.
