Generated from the official FedRAMP/docs GitHub repo. Source path: FRMR.documentation.json on main at blob 5c6bfee74029. FRMR version: 0.9.43-beta · upstream last_updated: 2026-04-08. The official FedRAMP/rules repo exists, but grclanker still treats FedRAMP/docs as the active source until structured rules land there.

Incident Response

Domain code: INR · Domain ID: KSI-INR · Web slug: incident-response

Theme

A secure cloud service offering will document, report, and analyze security incidents to ensure regulatory compliance and continuous security improvement.

Indicators

KSI-INR-AAR (formerly KSI-INR-03) — Generating After Action Reports

Generate incident after action reports and persistently incorporate lessons learned.

Mapped Rev5 controls: ir-3, ir-4, ir-4.1, ir-8

Terms: Incident, Persistently

Recent update: 2026-02-04 — Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

KSI-INR-RIR (formerly KSI-INR-01) — Reviewing Incident Response Procedures

Persistently review the effectiveness of documented incident response procedures.

Mapped Rev5 controls: ir-4, ir-4.1, ir-6, ir-6.1, ir-6.3, ir-7, ir-7.1, ir-8, ir-8.1, si-4.5

Terms: Incident, Persistently, Vulnerability Response

Recent update: 2026-02-04 — Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.

KSI-INR-RPI (formerly KSI-INR-02) — Reviewing Past Incidents

Persistently review past incidents for patterns or vulnerabilities.

Mapped Rev5 controls: ir-3, ir-4, ir-4.1, ir-5, ir-8

Terms: Incident, Persistently, Vulnerability

Recent update: 2026-02-04 — Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.