CCI-000822

Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery.

Implementation Guidance

Determine if: - an incident handling capability for incidents is implemented that is consistent with the incident response plan. - the incident handling capability for incidents includes preparation. - the incident handling capability for incidents includes detection and analysis. - the incident handling capability for incidents includes containment. - the incident handling capability for incidents includes eradication. - the incident handling capability for incidents includes recovery.

Validation Procedures

Examine: [SELECT FROM: Incident response policy; contingency planning policy; procedures addressing incident handling; incident response plan; contingency plan; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident handling responsibilities; organizational personnel with contingency planning responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Incident handling capability for the organization].

The controls below (if any) were marked by NIST as being related to CCI-000822.