Navigate

CCI-002793

CCI-002793 Definition

The organization provides security incident information to other organizations involved in the supply chain for information systems or information system components related to the incident.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implement a process to provide security incident information to other organizations involved in the supply chain for information systems or information system components related to the incident.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed provides security incident information to other organizations involved in the supply chain for information systems or information system components related to the incident.

Compelling Evidence

1.) Documentation of a process to provide security incident information to other organizations involved in the supply chain for information systems or information system components related to the incident.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002793.

Control	Description
IR-6 (3)	The organization provides security incident information to other organizations involved in the supply chain for information systems or information system components related to the incident.