Control Framework

RES: Resilience

The Resilience domain addresses incident response and recovery procedures. Four controls ensure organizations can detect, contain, investigate, and recover from agent-related incidents.

RES-01 Incident Classification

Requirement: The organization shall maintain classification criteria for agent-related security incidents.

Rationale: Enables appropriate response based on incident severity.

Evidence: Classification matrix and decision criteria.

Profile: Standard

RES-02 Containment Procedures

Requirement: Documented procedures shall define containment actions for each incident classification.

Rationale: Ensures rapid, consistent response to incidents.

Evidence: Runbooks with containment procedures.

Profile: Elevated

RES-03 Forensic Preservation

Requirement: Incident response procedures shall include preservation of evidence for forensic analysis.

Rationale: Enables root cause analysis and potential legal proceedings.

Evidence: Evidence preservation procedures and chain of custody documentation.

Profile: Elevated

RES-04 Recovery Procedures

Requirement: Documented procedures shall define steps to restore normal operations following incidents.

Rationale: Minimizes downtime and ensures controlled recovery.

Evidence: Recovery runbooks and test results.

Profile: Critical
