CCI-000822
CCI-000822 Definition
The organization implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed must have a documented and certified CNDSP and documented procedures for information system users and site security personnel to handle incidents until they are transferred to the responsibility of the CNDSP.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documentation identifying the CNDSP leveraged as well as the documented procedures for incident handling to ensure that there is a certified CNDSP in use and that there are procedures implemented to handle incidents until they are transferred to the responsibility of the CNDSP.
Compelling Evidence
1. Signed and dated Incident Response Training documentation, referencing the handling capability requirements section.