Overview
  1. 03.01: Access Control
  2. 03.02: Awareness and Training
  3. 03.03: Audit and Accountability
  4. 03.04: Configuration Management
  5. 03.05: Identification and Authentication
  6. 03.06: Incident Response
  7. 03.07: Maintenance
  8. 03.08: Media Protection
  9. 03.09: Personnel Security
  10. 03.10: Physical Protection
  11. 03.11: Risk Assessment
  12. 03.12: Security Assessment
  13. 03.13: System and Communications Protection
  14. 03.14: System and Information Integrity

Security Requirements for 03.06.02 Incident Reporting

Tracking and documenting system security incidents includes maintaining records about each incident, the status of the incident, and other pertinent information necessary for forensics, evaluating incident details, trends, and handling. Incident information can be obtained from a variety of sources including incident reports, incident response teams, audit monitoring, network monitoring, physical access monitoring, and user/administrator reports.Reporting incidents addresses specific incident reporting requirements within an organization and the formal incident reporting requirements for the organization. Suspected security incidents may also be reported and include the receipt of suspicious email communications that can potentially contain malicious code. The types of security incidents reported, the content and timeliness of the reports, and the designated reporting authorities reflect applicable laws, Executive Orders, directives, regulations, and policies.[SP 800-61] provides guidance on incident handling.

Evidence

  1. 03.06.02.a

    Incidents are tracked

  1. 03.06.02.b

    Incidents are documented

  1. 03.06.02.c

    Authorities to whom incidents are to be reported are identified

  1. 03.06.02.d

    Organizational officials to whom incidents are to be reported are identified

  1. 03.06.02.e

    Identified authorities are notified of incidents

  1. 03.06.02.f

    Identified organizational officials are notified of incidents