bigforceone

03.05.08

What this control requires

Source: NIST SP 800-171 R3 §03.05.08 (official control text).

Why this matters

This control ensures organizations establish a formal incident response capability to detect, analyze, contain, and recover from cybersecurity incidents. Without a structured response process, organizations react chaotically during breaches, leading to extended dwell time for attackers, incomplete forensic evidence collection, regulatory notification failures, and cascading system compromises. An incident response capability protects CUI by minimizing damage, preserving evidence for law enforcement or legal action, and enabling rapid containment before lateral movement occurs. This directly supports breach notification obligations and reduces financial, operational, and reputational impact.

What evidence assessors expect

Assessors typically look for: PDF, screenshot, training certificate. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls
