> ## Documentation Index
> Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt
> Use this file to discover all available pages before exploring further.

# NIST CSF Control RS.AN-3: Forensics are Performed

|                       |           |                  |             |             |
| --------------------- | --------- | ---------------- | ----------- | ----------- |
| **Role Availability** | Read-Only | **Investigator** | **Analyst** | **Manager** |

**Analysis (RS.AN)**: Analysis is conducted to ensure adequate response and support recovery activities. Orchestration rules are available to automatically run forensics on alarms and events. Having the output of these forensic scans available for reporting would satisfy this control.

**Associated Frameworks**: ISA 62443-3-3:2013 SR 2.8, SR 2.9, SR 2.10, SR 2.11, SR 2.12, SR 3.9, SR 6.1, ISO/IEC 27001:2013 A.16.1.7, NIST SP 800-53 Rev. 4 AU-7, IR-4.

Click the **View** link to go to the **Orchestration Rules** page (**Settings > Rules**). See [Rules Management](/documentation/usm-anywhere/user-guide/rules-management/rules-management) for more information.