Family 3.6 · 3 requirements
Incident Response.
Plan, practise, report. In that order.
The big picture
Assessors want to see a real plan you can execute, not a binder. Run a tabletop, document it — that is the evidence.
Theme 1
All practices.
3.6.1 — 3.6.3 Establishing the incident-response capability, tracking and reporting incidents, and testing the plan.
- 3.6.1 Have a Plan. IR.L2-3.6.1 · Incident Handling. Documented incident response capability covering preparation, detection, analysis, containment, recovery, and user response.
- 3.6.2 Track and Report. IR.L2-3.6.2 · Incident Reporting. Log every incident, notify internal stakeholders, report to DIBCAC within 72 hours for CUI incidents.
- 3.6.3 Test the Plan. IR.L2-3.6.3 · Incident Response Testing. Tabletop exercises and simulations — test your IR capability, document findings, and improve.