CCI-000838
CCI-000838 Definition
The organization reports information system vulnerabilities associated with reported security incidents to organization-defined personnel or roles.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to report information system vulnerabilities associated with reported security incidents to the personnel defined in IR-6 (2), CCI 2792, IAW the incident response plan (IR-8). Reporting shall be conducted IAW CJCSM 6510.01B.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines a sample of previous security incidents to ensure the associated vulnerabilities were reported to the personnel defined in IR-6 (2), CCI 2792, IAW the incident response plan (IR-8). Reporting shall be conducted IAW CJCSM 6510.01B.
Compelling Evidence
1.) Signed and dated Incident Response Plan, referencing the information system vulnerabilities section