CCI-002720

Incorporate the detection of organization-defined security-relevant unauthorized changes into the organizational incident response capability.

Implementation Guidance

The organization being inspected/assessed incorporates the detection of unauthorized security-relevant changes to the information system defined in SI-7 (7), CCI 2719 into the organizational incident response capability.

Validation Procedures

The organization conducting the inspection/assessment examines the organizational incident response capability to ensure the organization being inspected/assessed incorporates the detection of unauthorized security-relevant changes to the information system defined in SI-7 (7), CCI 2719.

Compelling Evidence

1.) Signed and dated System security plan defines which unauthorized security-relevant changes will be a part of the organization-level Incident Response Plan. 2.) Organization-level incident response plan in which unauthorized security-relevant changes will be a part of the organization-level Incident Response Plan.

The controls below (if any) were marked by NIST as being related to CCI-002720.