Navigate

CCI-000814

CCI-000814 Definition

The organization provides incident response training in accordance with organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to provide incident response training to information system users, other than general users, consistent with assigned roles and responsibilities annually. For general users, DoD components are automatically compliant with the requirement based on DoDD 8570.01 requirements for IA awareness training. The organization must maintain a record of training. DoD has defined the frequency as annually.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as training records for a sampling of information system users to ensure the organization being inspected/assessed provides incident response training to information system users, other than general users, consistent with assigned roles and responsibilities annually. For general users, DoD components are automatically compliant with the requirement based on DoDD 8570.01 requirements for IA awareness training. DoD has defined the frequency as annually.

Compelling Evidence

Automatically compliant

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000814.

Control	Description
IR-2	The organization provides incident response training to information system users consistent with assigned roles and responsibilities: IR-2a.: Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility; IR-2b.: When required by information system changes; and IR-2c.: [Assignment: organization-defined frequency] thereafter.