Status: DRAFT
Version: 0.1
This document outlines the plan for responding to security incidents related to the FDA.gov v2 Platform. The primary goals are to detect, respond to, and recover from incidents in a timely manner, while minimizing impact and preserving evidence.
2. Roles and Responsibilities
- Security Incident Response Team (SIRT): A designated team of individuals responsible for coordinating the incident response.
- Technical Steering Committee (TSC): Provides oversight and receives reports from the SIRT.
- FDA Chief Scientist: The ultimate point of contact for major incidents.
The incident response process follows the NIST framework:
- Preparation: Ongoing activities such as training, tool acquisition, and plan maintenance.
- Detection & Analysis: Identifying and validating a security incident.
- Containment: Isolating affected systems to prevent further damage.
- Eradication & Recovery: Removing the root cause and restoring systems to a secure state.
- Post-Incident Activity: Documenting the incident, conducting a lessons-learned review, and improving security controls.
A detailed communication plan will be developed to ensure timely and accurate information is shared with internal stakeholders, the TSC, relevant authorities, and the public, as required.
This is a foundational template and will be expanded with detailed procedures, contact lists, and communication protocols.