19.4: Devise Organization-wide Standards for Reporting Incidents
CSF v1.1 References:
The next version of the control set incorporates all or part of this control into: 17.3: Establish and Maintain an Enterprise Process for Reporting Incidents.
Control Statement
Devise organization-wide standards for the time required for system administrators and other workforce members to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]