Navigate

CCI-000850

CCI-000850 Definition

The organization communicates incident response plan changes to organization-defined incident response personnel (identified by name and/or by role) and organizational elements.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed communicates incident response plan changes to all stakeholders identified in the incident response plan, not later than 30 days after the change is made. DoD has defined the incident response personnel as all stakeholders identified in the incident response plan, not later than 30 days after the change is made.

Validation Procedures

The organization conducting the inspection/assessment examines the incident response plan via the inspected organization's information sharing capability (e.g. portal, intranet, email, etc) to ensure it has been communicated to all stakeholders identified in the incident response plan, not later than 30 days after the change is made. DoD has defined the incident response personnel as all stakeholders identified in the incident response plan, not later than 30 days after the change is made.

Compelling Evidence

1.) List of personnel the incident response plan is distributed to

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000850.

Control	Description
IR-8	The organization: IR-8a.: Develops an incident response plan that: IR-8a.1.: Provides the organization with a roadmap for implementing its incident response capability; IR-8a.2.: Describes the structure and organization of the incident response capability; IR-8a.3.: Provides a high-level approach for how the incident response capability fits into the overall organization; IR-8a.4.: Meets the unique requirements of the organization, which relate to mission, size, structure, and functions; IR-8a.5.: Defines reportable incidents; IR-8a.6.: Provides metrics for measuring the incident response capability within the organization; IR-8a.7.: Defines the resources and management support needed to effectively maintain and mature an incident response capability; and IR-8a.8.: Is reviewed and approved by [Assignment: organization-defined personnel or roles]; IR-8b.: Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; IR-8c.: Reviews the incident response plan [Assignment: organization-defined frequency]; IR-8d.: Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing; IR-8e.: Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and IR-8f.: Protects the incident response plan from unauthorized disclosure and modification.

Control

Description

IR-8

The organization:

IR-8a.: Develops an incident response plan that:
- IR-8a.1.: Provides the organization with a roadmap for implementing its incident response capability;
- IR-8a.2.: Describes the structure and organization of the incident response capability;
- IR-8a.3.: Provides a high-level approach for how the incident response capability fits into the overall organization;
- IR-8a.4.: Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
- IR-8a.5.: Defines reportable incidents;
- IR-8a.6.: Provides metrics for measuring the incident response capability within the organization;
- IR-8a.7.: Defines the resources and management support needed to effectively maintain and mature an incident response capability; and
- IR-8a.8.: Is reviewed and approved by [Assignment: organization-defined personnel or roles];

IR-8b.: Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];

IR-8c.: Reviews the incident response plan [Assignment: organization-defined frequency];

IR-8d.: Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing;

IR-8e.: Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and

IR-8f.: Protects the incident response plan from unauthorized disclosure and modification.