CCI-002809

Respond to information spills by eradicating the information from the contaminated system or component.

Implementation Guidance

The organization being inspected/assessed documents within their incident response plan, a process to eradicate the information from the contaminated information system or component.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the incident response plan as well as after action reports of incidents to ensure that the organization being inspected/assessed eradicates the information from the contaminated information system or component.

Compelling Evidence

1.) Signed and dated Incident Response Plan, referencing information system contamination section 2.) Incident response after action reports

The controls below (if any) were marked by NIST as being related to CCI-002809.