NIST 800-53 REV 5 • INCIDENT RESPONSE

IR-7(1)Automation Support for Availability of Information and Support

Increase the availability of incident response information and support using {{ insert: param, ir-07.01_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Automated mechanisms can provide a push or pull capability for users to obtain incident response assistance. For example, individuals may have access to a website to query the assistance capability, or the assistance capability can proactively send incident response information to users (general distribution or targeted) as part of increasing understanding of current response capabilities and support.

Practitioner Notes

This enhancement calls for automation to make incident response information and support more readily available to users. People should be able to find what they need quickly without hunting for it.

Example 1: Create a dedicated incident response page on your company intranet with quick links to the IR plan, reporting forms, contact information, and common incident runbooks. Use a chatbot (like a Teams bot built with Power Virtual Agents) that can answer basic incident questions and route reports.

Example 2: Set up automated email responses that acknowledge incident reports and provide immediate guidance. When someone reports a phishing email, the auto-response could include steps to take immediately (disconnect from VPN, do not click further links, preserve the email as evidence).

More Incident Response Controls

IR-1 Policy and Procedures IR-2 Incident Response Training IR-2(1) Simulated Events IR-2(2) Automated Training Environments