CMMC 2.0 • LEVEL 2 • INCIDENT RESPONSE

IR.L2-3.6.2Incident Monitoring, Reporting, and Response Assistance

Track and document system security incidents. Report suspected incidents to the organizational incident response capability within annually (tabletop exercise minimum; full operational test where feasible)CMMC/STIG. Report incident information to the ISSO/ISSM and designated IT recovery personnel (roles named in the Contingency Plan)CMMC/STIG. Provide an incident response support resource that offers advice and assistance to system users on handling and reporting incidents.

NIST 800-171 Mapping

NIST 800-53 Controls

IR-6

Assessment Objectives

  • system security incidents are tracked.
  • system security incidents are documented.
  • suspected incidents are reported to the organizational incident response capability within annually (tabletop exercise minimum; full operational test where feasible)CMMC/STIG.
  • incident information is reported to the ISSO/ISSM and designated IT recovery personnel (roles named in the Contingency Plan)CMMC/STIG.
  • an incident response support resource that offers advice and assistance to system users on handling and reporting incidents is provided.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

IR.L2-3.6.1 Incident Handling IR.L2-3.6.3 Incident Response Testing