Navigate

CCI-002812

CCI-002812 Definition

Defines additional actions required to respond to information spills.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if [IR-09_ODP[03]; actions to be performed are defined] are performed in response to information spills.

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing information spillage; incident response plan; system security plan; records of information spillage alerts/notifications; list of personnel who should receive alerts of information spillage; list of actions to be performed regarding information spillage; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident response responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for information spillage response; mechanisms supporting and/or implementing information spillage response actions and related communications].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002812.

Control	Description
IR-9	Respond to information spills by: a: Assigning [personnel or roles assigned the responsibility for responding to information spills is/are defined;] with responsibility for responding to information spills; b: Identifying the specific information involved in the system contamination; c: Alerting [personnel or roles to be alerted of the information spill using a method of communication not associated with the spill is/are defined;] of the information spill using a method of communication not associated with the spill; d: Isolating the contaminated system or system component; e: Eradicating the information from the contaminated system or component; f: Identifying other systems or system components that may have been subsequently contaminated; and g: Performing the following additional actions: [actions to be performed are defined;].

Control

Description

IR-9

Respond to information spills by:

a: Assigning [personnel or roles assigned the responsibility for responding to information spills is/are defined;] with responsibility for responding to information spills;

b: Identifying the specific information involved in the system contamination;

c: Alerting [personnel or roles to be alerted of the information spill using a method of communication not associated with the spill is/are defined;] of the information spill using a method of communication not associated with the spill;

d: Isolating the contaminated system or system component;

e: Eradicating the information from the contaminated system or component;

f: Identifying other systems or system components that may have been subsequently contaminated; and

g: Performing the following additional actions: [actions to be performed are defined;].