17.2: Establish and Maintain Contact Information for Reporting Security Incidents

CSF v1.1 References:

CSF v2.0 References:


Previous Version:

Control Statement

Establish and maintain contact information for parties that need to be informed of security incidents. Contacts may include internal staff, third-party vendors, law enforcement, cyber insurance providers, relevant government agencies, Information Sharing and Analysis Center (ISAC) partners, or other stakeholders. Verify contacts annually to ensure that information is up-to-date.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]