IR-2(3): Breach

Control Family:

Incident Response

CSF v1.1 References:

CSF v2.0 References:

PF v1.0 References:


(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

Provide incident response training on how to identify and respond to a breach, including the organization’s process for reporting a breach.

Supplemental Guidance

For federal agencies, an incident that involves personally identifiable information is considered a breach. A breach results in the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or a similar occurrence where a person other than an authorized user accesses or potentially accesses personally identifiable information or an authorized user accesses or potentially accesses such information for other than authorized purposes. The incident response training emphasizes the obligation of individuals to report both confirmed and suspected breaches involving information in any medium or form, including paper, oral, and electronic. Incident response training includes tabletop exercises that simulate a breach. See IR-2(1).