Navigate

CCI-000814

CCI-000814 Definition

Provide incident response training in accordance with organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if incident response training is provided to system users consistent with assigned roles and responsibilities [IR-02_ODP[02]; frequency at which to provide incident response training to users is defined] thereafter.

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing incident response training; incident response training curriculum; incident response training materials; privacy plan; incident response plan; incident response training records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident response training and operational responsibilities; organizational personnel with information security and privacy responsibilities].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000814.

Control	Description
IR-2	a: Provide incident response training to system users consistent with assigned roles and responsibilities: 1: Within [a time period within which incident response training is to be provided to system users assuming an incident response role or responsibility is defined;] of assuming an incident response role or responsibility or acquiring system access; 2: When required by system changes; and 3: [frequency at which to provide incident response training to users is defined;] thereafter; and b: Review and update incident response training content [frequency at which to review and update incident response training content is defined;] and following [events that initiate a review of the incident response training content are defined;].

Control

Description

IR-2

a: Provide incident response training to system users consistent with assigned roles and responsibilities:
- 1: Within [a time period within which incident response training is to be provided to system users assuming an incident response role or responsibility is defined;] of assuming an incident response role or responsibility or acquiring system access;
- 2: When required by system changes; and
- 3: [frequency at which to provide incident response training to users is defined;] thereafter; and

b: Review and update incident response training content [frequency at which to review and update incident response training content is defined;] and following [events that initiate a review of the incident response training content are defined;].