Navigate

CCI-000844

CCI-000844 Definition

The organization develops an incident response plan that is reviewed and approved by organization-defined personnel or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed will have an incident response plan signed and approved by at a minimum, the ISSM and ISSO. DoD has defined the personnel or roles as at a minimum, the ISSM and ISSO.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the incident response plan to validate it has been properly signed by at a minimum, the ISSM and ISSO. DoD has defined the personnel or roles as at a minimum, the ISSM and ISSO.

Compelling Evidence

1.) Signed and dated Incident Response Plan

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000844.

Control	Description
IR-8	The organization: IR-8a.: Develops an incident response plan that: IR-8a.1.: Provides the organization with a roadmap for implementing its incident response capability; IR-8a.2.: Describes the structure and organization of the incident response capability; IR-8a.3.: Provides a high-level approach for how the incident response capability fits into the overall organization; IR-8a.4.: Meets the unique requirements of the organization, which relate to mission, size, structure, and functions; IR-8a.5.: Defines reportable incidents; IR-8a.6.: Provides metrics for measuring the incident response capability within the organization; IR-8a.7.: Defines the resources and management support needed to effectively maintain and mature an incident response capability; and IR-8a.8.: Is reviewed and approved by [Assignment: organization-defined personnel or roles]; IR-8b.: Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; IR-8c.: Reviews the incident response plan [Assignment: organization-defined frequency]; IR-8d.: Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing; IR-8e.: Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and IR-8f.: Protects the incident response plan from unauthorized disclosure and modification.

Control

Description

IR-8

The organization:

IR-8a.: Develops an incident response plan that:
- IR-8a.1.: Provides the organization with a roadmap for implementing its incident response capability;
- IR-8a.2.: Describes the structure and organization of the incident response capability;
- IR-8a.3.: Provides a high-level approach for how the incident response capability fits into the overall organization;
- IR-8a.4.: Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
- IR-8a.5.: Defines reportable incidents;
- IR-8a.6.: Provides metrics for measuring the incident response capability within the organization;
- IR-8a.7.: Defines the resources and management support needed to effectively maintain and mature an incident response capability; and
- IR-8a.8.: Is reviewed and approved by [Assignment: organization-defined personnel or roles];

IR-8b.: Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];

IR-8c.: Reviews the incident response plan [Assignment: organization-defined frequency];

IR-8d.: Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing;

IR-8e.: Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and

IR-8f.: Protects the incident response plan from unauthorized disclosure and modification.