CCI-000826

The organization includes dynamic reconfiguration of organization-defined information system components as part of the incident response capability.

Implementation Guidance

The organization being inspected/assessed will ensure that their incident response plan includes procedures for dynamic reconfiguration of information system components defined in IR-4 (2), CCI 2781 as part of the incident response capability IAW CM-3. Dynamic reconfiguration bypasses the organization's standard CCB process and may include, for example, changes to router rules, access control lists, intrusion detection/prevention systems, firewalls, etc. Organizations will have procedures to examine dynamic reconfiguration changes at the earliest opportunity IAW CCB.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the incident response plan and verifies it has procedures addressing dynamic reconfiguration of information system components defined in IR-4 (2), CCI 2781 as part of the incident response capability IAW CM-3.

Compelling Evidence

1.) Signed and dated Incident Response Plan, referencing dynamic reconfiguration section

The controls below (if any) were marked by NIST as being related to CCI-000826.