CCI-004155

Implementation Guidance

Determine if incidents are reported using [IR-06(01)_ODP; automated mechanisms used for reporting incidents are defined].

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing incident reporting; automated mechanisms supporting incident reporting; system design documentation; system configuration settings and associated documentation; incident response plan; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident reporting responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for incident reporting; automated mechanisms supporting and/or implementing the reporting of security incidents].