Navigate

CCI-000827

CCI-000827 Definition

Identify organization-defined classes of incidents for which organization-defined actions are to be taken to ensure continuation of organizational mission and business functions.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - [IR-04(03)_ODP[01]; classes of incidents requiring an organization-defined action (defined in IR-04(03)_ODP[02]) to be taken are defined] are identified. - [IR-04(03)_ODP[02]; actions to be taken in response to organization-defined classes of incidents are defined] are taken in response to those incidents (defined in IR-04(03)_ODP[01]) to ensure the continuation of Organizational mission and business functions.

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing incident handling; incident response plan; privacy plan; list of classes of incidents; list of appropriate incident response actions; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident handling responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms that support and/or implement continuity of operations].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000827.

Control	Description
IR-4(3)	Identify [classes of incidents requiring an organization-defined action (defined in IR-04(03)_ODP[02]) to be taken are defined;] and take the following actions in response to those incidents to ensure continuation of organizational mission and business functions: [actions to be taken in response to organization-defined classes of incidents are defined;].