CCI-004153

Implementation Guidance

Determine if: - incidents are tracked using [IR-05(01)_ODP[01]; automated mechanisms used to track incidents are defined]. - incident information is collected using [IR-05(01)_ODP[02]; automated mechanisms used to collect incident information are defined]. - incident information is analyzed using [IR-05(01)_ODP[03]; automated mechanisms used to analyze incident information are defined].

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing incident monitoring; incident response records and documentation; system security plan; incident response plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident monitoring responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Incident monitoring capability for the organization; automated mechanisms supporting and/or implementing the tracking and documenting of system security incidents].