Navigate

CCI-000844

CCI-000844 Definition

Develop an incident response plan that is reviewed and approved by organization-defined personnel or roles on an organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed will have an incident response plan signed and approved by at a minimum, the ISSM and ISSO. DoD has defined the personnel or roles as at a minimum, the ISSM and ISSO.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the incident response plan to validate it has been properly signed by at a minimum, the ISSM and ISSO. DoD has defined the personnel or roles as at a minimum, the ISSM and ISSO.

Compelling Evidence

1.) Signed and dated Incident Response Plan

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000844.

Control	Description
IR-8	The organization: a: Develops an incident response plan that: 1: Provides the organization with a roadmap for implementing its incident response capability; 2: Describes the structure and organization of the incident response capability; 3: Provides a high-level approach for how the incident response capability fits into the overall organization; 4: Meets the unique requirements of the organization, which relate to mission, size, structure, and functions; 5: Defines reportable incidents; 6: Provides metrics for measuring the incident response capability within the organization; 7: Defines the resources and management support needed to effectively maintain and mature an incident response capability; and 8: Is reviewed and approved by [one of ]; b: Distributes copies of the incident response plan to [one of ]; c: Reviews the incident response plan [one of ]; d: Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing; e: Communicates incident response plan changes to [one of ]; and f: Protects the incident response plan from unauthorized disclosure and modification.

Control

Description

IR-8

The organization:

a: Develops an incident response plan that:
- 1: Provides the organization with a roadmap for implementing its incident response capability;
- 2: Describes the structure and organization of the incident response capability;
- 3: Provides a high-level approach for how the incident response capability fits into the overall organization;
- 4: Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
- 5: Defines reportable incidents;
- 6: Provides metrics for measuring the incident response capability within the organization;
- 7: Defines the resources and management support needed to effectively maintain and mature an incident response capability; and
- 8: Is reviewed and approved by [one of ];

b: Distributes copies of the incident response plan to [one of ];

c: Reviews the incident response plan [one of ];

d: Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing;

e: Communicates incident response plan changes to [one of ]; and

f: Protects the incident response plan from unauthorized disclosure and modification.