CCI-004136

Ensure the results of incident handling activities are comparable and predictable across the organization.

Implementation Guidance

Determine if: - the rigor of incident handling activities is comparable and predictable across the organization. - the intensity of incident handling activities is comparable and predictable across the organization. - the scope of incident handling activities is comparable and predictable across the organization. - the results of incident handling activities are comparable and predictable across the organization.

Validation Procedures

Examine: [SELECT FROM: Incident response policy; contingency planning policy; procedures addressing incident handling; incident response plan; contingency plan; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident handling responsibilities; organizational personnel with contingency planning responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Incident handling capability for the organization].

The controls below (if any) were marked by NIST as being related to CCI-004136.