NIST 800-53 REV 5 • INCIDENT RESPONSE
IR-6(1) — Automated Reporting
Report incidents using [Assignment: organization-defined automated mechanisms].
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
Supplemental Guidance
The recipients of incident reports are specified in [IR-6b](#ir-6_smt.b). Automated reporting mechanisms include email, posting on websites (with automatic updates), and automated incident response tools and programs.
Practitioner Notes
This enhancement requires automated mechanisms for reporting incidents. Instead of relying on manual emails or phone calls, your systems should automatically generate and route incident reports.
Example 1: Configure your SIEM to automatically generate incident reports when certain alert thresholds are met and email them to designated recipients. Use Microsoft Sentinel's automated notification rules to alert leadership via Teams or email when a Severity 1 incident is created.
Example 2: Set up a Power Automate flow or similar automation that generates a formatted incident report from your ticketing system and distributes it to required stakeholders (CISO, legal, management). Include relevant details like timeline, scope, and current status automatically pulled from the ticket.
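The report-generation step of Example 2, as an added Python example (not from the original page and not Power Automate's own logic): it builds the report from a ticket record and picks recipients by severity. The ticket field names, the routing table and the example.org addresses are assumptions; sending is left to whatever mail relay or webhook the organization uses.

```python
from email.message import EmailMessage

# Assumed routing table: severity -> recipients (the list IR-6b requires you to define).
ROUTING = {
    1: ["ciso@example.org", "legal@example.org", "management@example.org"],
    2: ["ciso@example.org", "soc-lead@example.org"],
}
DEFAULT_RECIPIENTS = ["soc-lead@example.org"]  # unknown or missing severity
REQUIRED = ("id", "severity", "status", "scope", "timeline")  # assumed ticket fields

def build_report(ticket: dict) -> EmailMessage:
    """Build a ready-to-send incident report from a ticket record."""
    missing = [f for f in REQUIRED if not ticket.get(f)]
    if "id" in missing:
        raise ValueError("ticket has no id; nothing to report against")
    field = lambda name: ticket.get(name) or "UNKNOWN"
    recipients = ROUTING.get(ticket.get("severity"), DEFAULT_RECIPIENTS)
    lines = [
        f"Incident: {ticket['id']}",
        f"Severity: {field('severity')}",
        f"Status:   {field('status')}",
        f"Scope:    {field('scope')}",
        "Timeline:",
    ]
    # ISO 8601 UTC timestamps sort chronologically as plain strings.
    events = sorted(ticket.get("timeline") or [])
    lines += [f"  {ts}  {what}" for ts, what in events] or ["  (no events recorded)"]
    if missing:
        # Report anyway, but flag the gap so recipients know the data is partial.
        lines.append("INCOMPLETE TICKET, missing: " + ", ".join(missing))
    msg = EmailMessage()
    msg["From"] = "ir-reports@example.org"
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = f"[SEV {field('severity')}] {ticket['id']}: {field('status')}"
    msg.set_content("\n".join(lines))
    return msg

# Constructed sample ticket, not real incident data.
SAMPLE_TICKET = {
    "id": "INC-0001", "severity": 1, "status": "Contained",
    "scope": "2 workstations, 1 file server",
    "timeline": [
        ("2024-01-01T09:40:00Z", "Hosts isolated"),
        ("2024-01-01T09:12:00Z", "SIEM alert raised"),
    ],
}

if __name__ == "__main__":
    print(build_report(SAMPLE_TICKET))  # hand msg to smtplib or a webhook to send
```

A ticket with missing fields still produces a report, routed to the default recipients and marked incomplete, so a half-filled ticket does not silently suppress reporting.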