CCI-002782

Implementation Guidance

The organization being inspected/assessed documents within their incident response plan and implements plans to respond to incidents related to insider threats.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the incident response plan as well as a sampling of incident after action reports to ensure the organization being inspected/assessed implements incident handling capability for insider threats.

Compelling Evidence

1.) Signed and dated Incident Response Plan, referencing incident handling capability for insider threats section 2.) Incident after action reports