Navigate

CCI-002778

CCI-002778 Definition

Defines the time period in which system users who assume an incident response role or responsibility receive incident response training.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if incident response training is provided to system users consistent with assigned roles and responsibilities within [IR-02_ODP[01]; a time period within which incident response training is to be provided to system users assuming an incident response role or responsibility is defined] of assuming an incident response role or responsibility or acquiring system access.

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing incident response training; incident response training curriculum; incident response training materials; privacy plan; incident response plan; incident response training records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident response training and operational responsibilities; organizational personnel with information security and privacy responsibilities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002778.

Control	Description
IR-2	a: Provide incident response training to system users consistent with assigned roles and responsibilities: 1: Within [a time period within which incident response training is to be provided to system users assuming an incident response role or responsibility is defined;] of assuming an incident response role or responsibility or acquiring system access; 2: When required by system changes; and 3: [frequency at which to provide incident response training to users is defined;] thereafter; and b: Review and update incident response training content [frequency at which to review and update incident response training content is defined;] and following [events that initiate a review of the incident response training content are defined;].

Control

Description

IR-2

a: Provide incident response training to system users consistent with assigned roles and responsibilities:
- 1: Within [a time period within which incident response training is to be provided to system users assuming an incident response role or responsibility is defined;] of assuming an incident response role or responsibility or acquiring system access;
- 2: When required by system changes; and
- 3: [frequency at which to provide incident response training to users is defined;] thereafter; and

b: Review and update incident response training content [frequency at which to review and update incident response training content is defined;] and following [events that initiate a review of the incident response training content are defined;].