CCI-002719

Defines the unauthorized security-relevant changes to the system that are to be incorporated into the organizational incident response capability.

Implementation Guidance

The organization being inspected/assessed defines and documents the unauthorized security-relevant changes to the information system that are to be incorporated into the organizational incident response capability. DoD has determined the security-relevant changes to the information are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented security-relevant changes to the information to ensure the organization being inspected/assessed defines the unauthorized security-relevant changes to the information system that are to be incorporated into the organizational incident response capability. DoD has determined the security-relevant changes to the information are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated System security plan defines which unauthorized security-relevant changes will be a part of the organization-level Incident Response Plan. 2.) Organization incident response plan in which unauthorized security-relevant changes will be a part of the organization-level Incident Response Plan.

The controls below (if any) were marked by NIST as being related to CCI-002719.