Navigate

CCI-002807

CCI-002807 Definition

The organization defines personnel or roles to be alerted of information spills using a method of communication not associated with the spill.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the personnel or roles as at a minimum, the OCA, the information owner/originator, the ISSM, the activity security manager, and the responsible computer incident response center.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the personnel or roles as at a minimum, the OCA, the information owner/originator, the ISSM, the activity security manager, and the responsible computer incident response center.

Compelling Evidence

Automatically compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002807.

Control	Description
IR-9	The organization responds to information spills by: IR-9a.: Identifying the specific information involved in the information system contamination; IR-9b.: Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill; IR-9c.: Isolating the contaminated information system or system component; IR-9d.: Eradicating the information from the contaminated information system or component; IR-9e.: Identifying other information systems or system components that may have been subsequently contaminated; and IR-9f.: Performing other [Assignment: organization-defined actions].

Control

Description

IR-9

The organization responds to information spills by:

IR-9a.: Identifying the specific information involved in the information system contamination;

IR-9b.: Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill;

IR-9c.: Isolating the contaminated information system or system component;

IR-9d.: Eradicating the information from the contaminated information system or component;

IR-9e.: Identifying other information systems or system components that may have been subsequently contaminated; and

IR-9f.: Performing other [Assignment: organization-defined actions].