NIST 800-53 REV 5 • INCIDENT RESPONSE

IR-5(1) Automated Tracking, Data Collection, and Analysis

Track incidents and collect and analyze incident information using {{ insert: param, ir-5.1_prm_1 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Automated mechanisms for tracking incidents and collecting and analyzing incident information include Computer Incident Response Centers or other electronic databases of incidents and network monitoring devices.

Practitioner Notes

This enhancement requires automated tools to track incidents and collect and analyze incident data. Manual spreadsheets and email chains are not sufficient — you need systems that capture data consistently and support analysis.

Example 1: Deploy Microsoft Sentinel with automated incident creation from analytics rules. Use Sentinel's built-in investigation graph to automatically correlate alerts, entities, and timelines. Export incident data to Power BI for trend analysis and executive reporting.

Example 2: Use a SOAR platform (Splunk SOAR, Palo Alto XSOAR) that automatically enriches incident tickets with threat intelligence, tracks analyst actions, and generates metrics like MTTD and MTTR. Set up automated weekly summary reports to management.
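The metrics the notes above mention (MTTD, MTTR, weekly summaries) only come out right when the tracking system records incidents in a consistent structure. The following is an added example, not code from NIST, Microsoft Sentinel, Splunk SOAR or Cortex XSOAR: it models a minimal structured incident record and derives MTTD, MTTR and per-week counts from it, treating missing or out-of-order timestamps as data-quality errors rather than letting them skew the averages. The Incident field names, the helper functions and the sample incidents are all constructed for illustration.

```python
"""Incident metrics from structured incident records (MTTD, MTTR, weekly counts).

Added example, not code from NIST or from any SIEM/SOAR product. The Incident
layout, field names and the sample incidents below are constructed for
illustration; a real deployment would read records exported from the
incident tracking system.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from statistics import mean
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Incident:
    incident_id: str
    severity: str
    occurred_at: datetime             # earliest evidence of the activity
    detected_at: Optional[datetime]   # when the alert or analyst flagged it
    resolved_at: Optional[datetime]   # None while the incident is still open


def _hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600.0


def compute_metrics(incidents: Iterable[Incident]) -> Dict[str, object]:
    """Return MTTD and MTTR (hours), counts, and a list of data-quality errors.

    MTTD = mean(detected_at - occurred_at) over incidents with a detection time.
    MTTR = mean(resolved_at - detected_at) over resolved incidents only.
    Records with missing or out-of-order timestamps are reported as errors
    instead of being averaged in.
    """
    detect_deltas: List[timedelta] = []
    resolve_deltas: List[timedelta] = []
    errors: List[str] = []
    open_count = 0
    for inc in incidents:
        if inc.detected_at is None:
            errors.append(f"{inc.incident_id}: missing detected_at")
            continue
        if inc.detected_at < inc.occurred_at:
            errors.append(f"{inc.incident_id}: detected_at precedes occurred_at")
            continue
        detect_deltas.append(inc.detected_at - inc.occurred_at)
        if inc.resolved_at is None:
            open_count += 1          # still open: counts for MTTD, not MTTR
            continue
        if inc.resolved_at < inc.detected_at:
            errors.append(f"{inc.incident_id}: resolved_at precedes detected_at")
            continue
        resolve_deltas.append(inc.resolved_at - inc.detected_at)
    return {
        "mttd_hours": round(mean(_hours(d) for d in detect_deltas), 2) if detect_deltas else None,
        "mttr_hours": round(mean(_hours(d) for d in resolve_deltas), 2) if resolve_deltas else None,
        "detected": len(detect_deltas),
        "resolved": len(resolve_deltas),
        "open": open_count,
        "errors": errors,
    }


def weekly_counts(incidents: Iterable[Incident]) -> Dict[str, int]:
    """Count incidents per ISO week of detection, for a weekly summary report."""
    counts: Counter = Counter()
    for inc in incidents:
        if inc.detected_at is not None:
            year, week, _ = inc.detected_at.isocalendar()
            counts[f"{year}-W{week:02d}"] += 1
    return dict(sorted(counts.items()))


def _utc(*args: int) -> datetime:
    return datetime(*args, tzinfo=timezone.utc)


# Constructed sample records: two resolved, one still open, one with bad timestamps.
SAMPLE_INCIDENTS = [
    Incident("INC-001", "high",   _utc(2024, 3, 4, 8),  _utc(2024, 3, 4, 10),  _utc(2024, 3, 4, 16)),
    Incident("INC-002", "medium", _utc(2024, 3, 5, 1),  _utc(2024, 3, 5, 5),   _utc(2024, 3, 6, 5)),
    Incident("INC-003", "low",    _utc(2024, 3, 11, 9), _utc(2024, 3, 11, 12), None),
    Incident("INC-004", "high",   _utc(2024, 3, 12, 9), _utc(2024, 3, 12, 8),  _utc(2024, 3, 12, 20)),
]

if __name__ == "__main__":
    print(compute_metrics(SAMPLE_INCIDENTS))
    print(weekly_counts(SAMPLE_INCIDENTS))
```

Open incidents contribute to MTTD but not MTTR, so an honest MTTR excludes them rather than treating "now" as the resolution time; the errors list is what a weekly report should surface alongside the numbers, since a record with detection before occurrence usually means an analyst entered the wrong field, and silently dropping it hides the data-quality problem the automated tracking is meant to fix.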