CCI-000832

Implementation Guidance

Determine if: - incidents are tracked. - incidents are documented.

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing incident monitoring; incident response records and documentation; incident response plan; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident monitoring responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Incident monitoring capability for the organization; mechanisms supporting and/or implementing the tracking and documenting of system security incidents].