IR: Incident Response

Controls

IR-1: Policy and Procedures

Baseline(s):

  • Low
  • Moderate
  • High
  • Privacy

Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]:

  • [Assignment (one or more): organization-level, mission/business process-level, system-level] incident response policy that:
      • Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
      • Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
  • Procedures to facilitate the implementation…

IR-2: Incident Response Training

Baseline(s):

  • Low
  • Moderate
  • High
  • Privacy

  • Provide incident response training to system users consistent with assigned roles and responsibilities:
      • Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility or acquiring system access;
      • When required by system changes; and
      • [Assignment: organization-defined frequency] thereafter; and
  • Review and update incident response training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined…

IR-3: Incident Response Testing

Baseline(s):

  • Moderate
  • High
  • Privacy

Test the effectiveness of the incident response capability for the system [Assignment: organization-defined frequency] using the following tests: [Assignment: organization-defined tests].

IR-4: Incident Handling

Baseline(s):

  • Low
  • Moderate
  • High
  • Privacy

  • Implement an incident handling capability for incidents that is consistent with the incident response plan and includes preparation, detection and analysis, containment, eradication, and recovery;
  • Coordinate incident handling activities with contingency planning activities;
  • Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implement the resulting changes accordingly; and…

IR-6: Incident Reporting

Baseline(s):

  • Low
  • Moderate
  • High
  • Privacy

  • Require personnel to report suspected incidents to the organizational incident response capability within [Assignment: organization-defined time period]; and
  • Report incident information to [Assignment: organization-defined authorities].

IR-7: Incident Response Assistance

Baseline(s):

  • Low
  • Moderate
  • High
  • Privacy

Provide an incident response support resource, integral to the organizational incident response capability, that offers advice and assistance to users of the system for the handling and reporting of incidents.

IR-8: Incident Response Plan

Baseline(s):

  • Low
  • Moderate
  • High
  • Privacy

Develop an incident response plan that:

  • Provides the organization with a roadmap for implementing its incident response capability;
  • Describes the structure and organization of the incident response capability;
  • Provides a high-level approach for how the incident response capability fits into the overall organization;
  • Meets the unique requirements of the organization, which relate to mission, size,…

IR-9: Information Spillage Response

Baseline(s):

(Not part of any baseline)

Respond to information spills by:

  • Assigning [Assignment: organization-defined personnel or roles] with responsibility for responding to information spills;
  • Identifying the specific information involved in the system contamination;
  • Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill;
  • Isolating the contaminated system or system component;
  • Eradicating…