NIST 800-53 REV 5 • INCIDENT RESPONSE

IR-7Incident Response Assistance

Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents.

CMMC Practice Mapping

NIST 800-171 Mapping

Related Controls

Supplemental Guidance

Incident response support resources provided by organizations include help desks, assistance groups, automated ticketing systems to open and track incident response tickets, and access to forensics services or consumer redress services, when required.

Practitioner Notes

Your employees need somewhere to turn for help when they encounter a security incident. This control requires an incident response support resource — like a help desk, security team, or managed service — that can assist users.

Example 1: Add incident response support to your IT help desk procedures. Train help desk staff to recognize security incidents, capture key details, and escalate to your security team. Create a dedicated queue or ticket category for security incidents so they are prioritized appropriately.

Example 2: If you use a managed security service provider (MSSP), ensure their contact information is posted in common areas and on the intranet. Provide a 24/7 phone number or chat option for after-hours security emergencies. Test the response process quarterly by calling in a simulated report.

More Incident Response Controls

IR-1 Policy and Procedures IR-2 Incident Response Training IR-2(1) Simulated Events IR-2(2) Automated Training Environments