NIST CSF Control RS.AN-3: Forensics Are Performed

Role Availability Read-Only Investigator Analyst Manager

Analysis (RS.AN): Analysis is conducted to ensure adequate response and support recovery activities. Note on Control: Orchestration rules are available to automatically run forensics on alarms and events. Having the output of these forensic scans available for reporting would satisfy this control. Associated Frameworks: ISA 62443-3-3:2013 SR 2.8, SR 2.9, SR 2.10, SR 2.11, SR 2.12, SR 3.9, SR 6.1, ISO/IEC 27001:2013 A.16.1.7, NIST SP 800-53 Rev. 4 AU-7, IR-4.

The View link goes to the orchestration rules page (Settings > Rules). See Rules Management for more information.