Family 3.6: 3 requirements
Incident Response.
Plan, practise, report. In that order.
The big picture
Assessors want to see a real plan you can execute, not a binder. Run a tabletop, document it — that is the evidence.
Theme 1
All practices.
3.6.1 — 3.6.3: Establishing the incident-response capability, tracking and reporting incidents, and testing the plan.
- 3.6.1 Have a Plan. Documented incident response capability covering preparation, detection, analysis, containment, recovery, and user response.
- 3.6.2 Track and Report. Log every incident, notify internal stakeholders, report to DIBCAC within 72 hours for CUI incidents.
- 3.6.3 Test the Plan. Tabletop exercises and simulations — test your IR capability, document findings, and improve.