CCI-000829

The organization correlates incident information and individual incident responses to achieve an organization-wide perspective on incident awareness and response.

Implementation Guidance

The organization being inspected/assessed defines procedures to examine incident information gathered and the actual actions taken by both the individuals affected and the incident response personnel. These procedures shall be defined IAW CJCSM 6510.01B. The end goal is to achieve a top level perspective of the effectiveness of the incident response and awareness.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines proof of the analysis (such as minutes from an incident response after action meeting or other similar activity) to ensure that incident information is being examined and correlated.

Compelling Evidence

1.) Incident response plan 2.) Minutes from an incident response after action meeting or similar activity

The controls below (if any) were marked by NIST as being related to CCI-000829.