← Back to catalog
SA-15(10)
Incident Response Plan
System and Services Acquisition (SA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
Require the developer of the system, system component, or system service to provide, implement, and test an incident response plan.
Discussion
The incident response plan provided by developers may provide information not readily available to organizations and be incorporated into organizational incident response plans. Developer information may also be extremely helpful, such as when organizations respond to vulnerabilities in commercial off-the-shelf products.
Implementation guidance
No content available.
CSF 2.0 crosswalk
No CSF mappings exist for this control.