CCI-002812

Implementation Guidance

The organization being inspected/assessed defines and documents additional actions to be taken in response to spillage incidents. The actions must include the following: 1)consider the information system as classified at the same level as the spilled information until the appropriate remediation processes have been executed and verified; 2) Include the investigative team members and questions identified in CNSS Instruction 1001 in investigation of the incident; 3) Protect information regarding the incident from disclosure. DoD has determined the actions are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented additional actions to ensure the organization being inspected/assessed defines other actions required to respond to information spills. DoD has determined the actions are not appropriate to define at the Enterprise level

Compelling Evidence

1.) Documentation that defines additional actions to be taken in response to spillage incidents.