17.2: Establish and Maintain Contact Information for Reporting Security Incidents
CSF v1.1 References:
Previous Version:
- Critical Security Controls Version 7.1:
- 19.5: Maintain Contact Information For Reporting Security Incidents
Control Statement
Establish and maintain contact information for parties that need to be informed of security incidents. Contacts may include internal staff, third-party vendors, law enforcement, cyber insurance providers, relevant government agencies, Information Sharing and Analysis Center (ISAC) partners, or other stakeholders. Verify contacts annually to ensure that information is up-to-date.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]