Navigate

CCI-002809

CCI-002809 Definition

Respond to information spills by eradicating the information from the contaminated system or component.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the information is eradicated from the contaminated system or component in response to information spills.

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing information spillage; incident response plan; system security plan; records of information spillage alerts/notifications; list of personnel who should receive alerts of information spillage; list of actions to be performed regarding information spillage; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident response responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for information spillage response; mechanisms supporting and/or implementing information spillage response actions and related communications].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002809.

Control	Description
IR-9	Respond to information spills by: a: Assigning [personnel or roles assigned the responsibility for responding to information spills is/are defined;] with responsibility for responding to information spills; b: Identifying the specific information involved in the system contamination; c: Alerting [personnel or roles to be alerted of the information spill using a method of communication not associated with the spill is/are defined;] of the information spill using a method of communication not associated with the spill; d: Isolating the contaminated system or system component; e: Eradicating the information from the contaminated system or component; f: Identifying other systems or system components that may have been subsequently contaminated; and g: Performing the following additional actions: [actions to be performed are defined;].

Control

Description

IR-9

Respond to information spills by:

a: Assigning [personnel or roles assigned the responsibility for responding to information spills is/are defined;] with responsibility for responding to information spills;

b: Identifying the specific information involved in the system contamination;

c: Alerting [personnel or roles to be alerted of the information spill using a method of communication not associated with the spill is/are defined;] of the information spill using a method of communication not associated with the spill;

d: Isolating the contaminated system or system component;

e: Eradicating the information from the contaminated system or component;

f: Identifying other systems or system components that may have been subsequently contaminated; and

g: Performing the following additional actions: [actions to be performed are defined;].