Incident Response is the sixth family in the NIST 800-171 standard. This family is all about the processes that are triggered when a cybersecurity threat or breach occurs.


Why is Incident Response important?

An incident response plan is a guide you develop so your management team and employees, at all levels, will know what steps to take when managing a potential cybersecurity breach. This plan is equally important to having cybersecurity protections in place. While we need to protect data we also need to be prepared with a plan for what to do if that data is breached.


What is Incident Response about in NIST 800-171?

There are only three controls in the Incident Response family. Although there are only three controls, remember that the incident response plan is a critical element in your cybersecurity preparedness. The controls within the Incident Response family focus on the development, implementation and testing of your incident response plan.

  1. Develop an incident response plan—Include the maximum allowed turnaround time for responding to threats. Assign roles to members of your organization: who will report the breach and to whom? Who will confirm and analyze the breach? Who will fix the problem? Who will record the breach?
  2. Track, document and report incidents both internally and externally to appropriate officials—-Identify the appropriate internal and external contacts in your incident response plan. Maintain records of all detected breaches included the initial date of breach, date of reporting the breach, analysis and date of recovery.
  3. Test incident response procedures—As part of your emergency planning, include a test of your incident response procedures. Define the frequency of testing in your incident response plan. Keep a record of these tests.


Check back for our next blog post and learn more about the Maintenance family. You may also be interested in reading our last post on Identification Authentication.



Katherine Bennett

Katherine Bennett leads the Instructional Design team for NCMEP partner NC State Industry Expansion Solutions. She also serves as project manager for instructional design services. Katherine plays a key leadership role in supporting the IES goal of providing instructional design and development expertise that complements the field-specific expertise of IES partners, while meeting the learning needs of target audiences. Katherine holds a bachelor’s degree in Computer Science from the University of North Carolina at Charlotte and a master’s degree in Instructional Technology from East Carolina University.