CCI-002782
CCI-002782 Definition
Implement an incident handling capability for incidents involving insider threats.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents within their incident response plan and implements plans to respond to incidents related to insider threats.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the incident response plan as well as a sampling of incident after action reports to ensure the organization being inspected/assessed implements incident handling capability for insider threats.
Compelling Evidence
1.) Signed and dated Incident Response Plan, referencing incident handling capability for insider threats section 2.) Incident after action reports