CMMC 2.0 • LEVEL 2 • INCIDENT RESPONSE

IR.L2-3.6.1 Incident Handling

Incident-related information can be obtained from a variety of sources, including audit monitoring, network monitoring, physical access monitoring, user and administrator reports, and reported supply chain events. An effective incident handling capability involves coordination among many organizational entities, including mission and business owners, system owners, human resources offices, physical and personnel security offices, legal departments, operations personnel, and procurement offices.

NIST 800-171 Mapping

NIST 800-53 Controls

Assessment Objectives

  • an incident-handling capability that is consistent with the incident response plan is implemented.
  • the incident handling capability includes preparation.
  • the incident handling capability includes detection and analysis.
  • the incident handling capability includes containment.
  • the incident handling capability includes eradication.
  • the incident handling capability includes recovery.
