Navigate

CCI-002791

CCI-002791 Definition

The organization defines authorities to whom security incident information is reported.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the authorities as the appropriate CIRT/CERT (such as US-CERT, DoD CERT, IC CERT).

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the authorities as the appropriate CIRT/CERT (such as US-CERT, DoD CERT, IC CERT).

Compelling Evidence

Automatically compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002791.

Control	Description
IR-6	The organization: IR-6a.: Requires personnel to report suspected security incidents to the organizational incident response capability within [Assignment: organization-defined time period]; and IR-6b.: Reports security incident information to [Assignment: organization-defined authorities].