CCI-000838
CCI-000838 Definition
Report system vulnerabilities associated with reported incidents to organization-defined personnel or roles.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to report to personnel defined in IR-6 (2), CCI 2792 information system vulnerabilities associated with reported security incident IAW the incident response plan (IR-8). Reporting shall be conducted IAW CJCSM 6510.01B.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines a sample of previous security incidents to ensure the associated vulnerabilities were reported to personnel defined in IR-6 (2), CCI 2792 IAW the incident response plan (IR-8). Reporting shall be conducted IAW CJCSM 6510.01B.
Compelling Evidence
1.) Signed and dated Incident Response Plan, referencing information system vulnerabilities section