CCI-002810

The organization responds to information spills by identifying other information systems or system components that may have been subsequently contaminated.

Implementation Guidance

The organization being inspected/assessed documents within their incident response plan, a process to identify other information systems or system components that may have been subsequently contaminated.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the incident response plan as well as after action reports of incidents to ensure that the organization being inspected/assessed identifies other information systems or system components that may have been subsequently contaminated.

Compelling Evidence

1.) Signed and dated Incident Response Plan, referencing information system contamination section 2.) Incident response after action reports

The controls below (if any) were marked by NIST as being related to CCI-002810.