← Back to catalog
IR-5

Incident Monitoring

Incident Response (IR)
Baselines
Low · IncludedModerate · IncludedHigh · Included
Description

Track and document incidents.

Discussion

Documenting incidents includes maintaining records about each incident, the status of the incident, and other pertinent information necessary for forensics as well as evaluating incident details, trends, and handling. Incident information can be obtained from a variety of sources, including network monitoring, incident reports, incident response teams, user complaints, supply chain partners, audit monitoring, physical access monitoring, and user and administrator reports. [IR-4](#ir-4) provides information on the types of incidents that are appropriate for monitoring.

Implementation guidance

No content available.

CSF 2.0 crosswalk
DE.AE-03Information is correlated from multiple sourcesDetect
RS.MA-02Incident reports are triaged and validatedRespond
RS.MA-03Incidents are categorized and prioritizedRespond
RS.MA-04Incidents are escalated or elevated as neededRespond