SEF-03: Incident Reporting

Control Family:

Security Incident Management, E-Discovery, & Cloud Forensics

CSF v1.1 References:

ID.RA-2
PR.AT-3
PR.IP-8
PR.IP-9
DE.DP-4
RS.CO-2
RS.CO-5
RC.CO-1
RC.CO-3

PF v1.0 References:

GV.AT-P4
PR.PO-P6
PR.PO-P7

Control Statement

Workforce personnel and external business relationships shall be informed of their responsibilities and, if required, shall consent and/or contractually agree to report all information security events in a timely manner. Information security events shall be reported through predefined communications channels in a timely manner adhering to applicable legal, statutory, or regulatory compliance obligations.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4