CCI-000835

The organization requires personnel to report suspected security incidents to the organizational incident response capability within the organization-defined time period.

Implementation Guidance

The organization being inspected/assessed documents within the user agreement the requirement for all system users to report suspected security incidents to the organizational incident response capability within the timeframes specified by CJCSM 6510.01B (Table C-A-1) unless the data owner provides more restrictive guidance. DoD has defined the time period as the timeframes specified by CJCSM 6510.01B (Table C-A-1) unless the data owner provides more restrictive guidance.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the user agreement to ensure users are required to report suspected security incidents to the organizational incident response capability within the timeframes specified by CJCSM 6510.01B (Table C-A-1) unless the data owner provides more restrictive guidance. DoD has defined the time period as the timeframes specified by CJCSM 6510.01B (Table C-A-1) unless the data owner provides more restrictive guidance.

Compelling Evidence

1.) Signed and dated Incident Response Plan, referencing time period for reporting section

The controls below (if any) were marked by NIST as being related to CCI-000835.