IR-3: Incident Response Testing

Statement

• Test the effectiveness of the incident response capability for the system frequency using the following tests: tests .

  • • Requirement:

      The service provider defines tests and/or exercises in accordance with NIST Special Publication 800-61 (as amended). Functional testing must occur prior to testing for initial authorization. Annual functional testing may be concurrent with required penetration tests (see CA-8). The service provider provides test plans to the JAB/AO annually. Test plans are approved and accepted by the JAB/AO prior to test commencing.