IR-06 Incident Reporting
a. Require personnel to report suspected incidents to the organizational incident response capability within ir-06_odp.01 ; and
b. Report incident information to ir-06_odp.02.
The types of incidents reported, the content and timeliness of the reports, and the designated reporting authorities reflect applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Incident information can inform risk assessments, control effectiveness assessments, security requirements for acquisitions, and selection criteria for technology products.
- FASC18 Secure Technology Act [includes Federal Acquisition Supply Chain Security Act] (P.L. 115-390), December 2018.
- 41 CFR 201 "Federal Acquisition Supply Chain Security Act; Rule," 85 Federal Register 54263 (September 1, 2020), pp 54263-54271.
- USCERT IR Department of Homeland Security, *US-CERT Federal Incident Notification Guidelines* , April 2017.
- SP 800-61 Cichonski PR, Millar T, Grance T, Scarfone KA (2012) Computer Security Incident Handling Guide. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-61, Rev. 2.
Control Enhancements 3
- IR-06(01) Automated Reporting L M H P
- IR-06(02) Vulnerabilities Related to Incidents L M H P
- IR-06(03) Supply Chain Coordination L M H P
Related controls 6
- CM-06 Configuration Settings L M H P
- CP-02 Contingency Plan L M H P
- IR-04 Incident Handling L M H P
- IR-05 Incident Monitoring L M H P
- IR-08 Incident Response Plan L M H P
- IR-09 Information Spillage Response L M H P