Navigate

CCI-000836

CCI-000836 Definition

The organization reports security incident information to organization-defined authorities.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to report to the appropriate CIRT/CERT (such as US-CERT, DoD CERT, IC CERT).any security incidents IAW the incident response plan (IR-8). Reporting shall be conducted IAW CJCSM 6510.01B. DoD has defined the authorities as the appropriate CIRT/CERT (such as US-CERT, DoD CERT, IC CERT).

Validation Procedures

The organization conducting the inspection/assessment obtains and examines a sample of previous security incidents to ensure the incidents were reported to the appropriate CIRT/CERT (such as US-CERT, DoD CERT, IC CERT). any security incidents IAW the incident response plan (IR-8). Reporting shall be conducted IAW CJCSM 6510.01B. DoD has defined the authorities as the appropriate CIRT/CERT (such as US-CERT, DoD CERT, IC CERT).

Compelling Evidence

1.) Signed and dated Incident Response Plan, referencing escalation section

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000836.

Control	Description
IR-6	The organization: IR-6a.: Requires personnel to report suspected security incidents to the organizational incident response capability within [Assignment: organization-defined time period]; and IR-6b.: Reports security incident information to [Assignment: organization-defined authorities].