CCI-002811

The organization responds to information spills by performing other organization-defined actions.

Implementation Guidance

The organization being inspected/assessed documents within their incident response plan, processes to perform actions defined in IR-9, CCI 2812.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the incident response plan as well as after action reports of incidents to ensure that the organization being inspected/assessed performs actions defined in IR-9, CCI 2812.

Compelling Evidence

1.) Signed and dated Incident Response Plan, referencing information system contamination section 2.) Incident response after action reports

The controls below (if any) were marked by NIST as being related to CCI-002811.