CCI-000822
CCI-000822 Definition
Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed must have a documented and certified CNDSP and documented procedures for information system users and site security personnel to handle incidents until they are transferred to the responsibility of the CNDSP.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documentation identifying the CNDSP leveraged as well as the documented procedures for incident handling to ensure that there is a certified CNDSP in use and that there are procedures implemented to handle incidents until they are transferred to the responsibility of the CNDSP.
Compelling Evidence
1.) Signed and dated Incident Response Training documentation, referencing handling capability requirements section