CCI-002792

The organization defines personnel or roles to whom information system vulnerabilities associated with reported security incident information are reported.

Implementation Guidance

The organization being inspected/assessed defines and documents personnel or roles to whom information system vulnerabilities associated with reported security incident information are reported. The personnel shall be identified IAW CJCSM 6510.01B. DoD has determined the personnel are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented personnel to ensure the organization being inspected/assessed defines personnel or roles to whom information system vulnerabilities associated with reported security incident information are reported IAW CJCSM 6510.01B.

Compelling Evidence

1.) Documentation that defines personnel or roles to whom information system vulnerabilities associated with reported security incident information are reported.

The controls below (if any) were marked by NIST as being related to CCI-002792.