CCI-002806

Respond to information spills by alerting organization-defined personnel or roles of the information spill using a method of communication not associated with the spill.

Implementation Guidance

The organization being inspected/assessed documents within their incident response plan, a process to alert at a minimum, the Originating Classification Authority (OCA), the information owner/originator, the ISSM, the activity security manager, and the responsible computer incident response center of the information spill using a method of communication not associated with the spill. DoD has defined the personnel or roles as at a minimum, the OCA, the information owner/originator, the ISSM, the activity security manager, and the responsible computer incident response center.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the incident response plan as well as after action reports of incidents to ensure that at a minimum, the OCA, the information owner/originator, the ISSM, the activity security manager, and the responsible computer incident response center were alerted of the information spill using a method of communication not associated with the spill. DoD has defined the personnel or roles as at a minimum, the OCA, the information owner/originator, the ISSM, the activity security manager, and the responsible computer incident response center.

Compelling Evidence

1.) Signed and dated Incident Response Plan, referencing information system contamination section 2.) Incident response after action reports

The controls below (if any) were marked by NIST as being related to CCI-002806.