STA-02: Incident Reporting

CSF v1.1 References:

Control Statement

The provider shall make security incident information available to all affected customers and providers periodically through electronic methods (e.g., portals).