CCI-004162

Include identification of applicable privacy requirements in the Incident Response Plan for breaches involving Personally Identifiable Information.

Implementation Guidance

Determine if the incident response plan for breaches involving personally identifiable information includes the identification of applicable privacy requirements

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing incident response planning; incident response plan; system security plan; privacy plan; records of incident response plan reviews and approvals; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident response planning responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational incident response plan and related organizational processes].

The controls below (if any) were marked by NIST as being related to CCI-004162.