IR — Incident Response
new org
SPRS Score: -1203
Objective Progress
0 / 14
(0.0%)
CMMC Practices MET
0 / 3
Domain Score Impact
-11
CMMC scoring changes when all assessment objectives for a practice are MET; objective progress updates as each objective is assessed.
IR.L2-3.6.1
DoD Weight: 5
Deduction: -5
Basic
Not Yet Assessed
Requirement: Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
MET gate: This control cannot be marked MET until every child objective is MET.
Blocking objective statuses:
3.6.1[a] = Not Yet Assessed;
3.6.1[b] = Not Yet Assessed;
3.6.1[c] = Not Yet Assessed;
3.6.1[d] = Not Yet Assessed;
3.6.1[e] = Not Yet Assessed;
3.6.1[f] = Not Yet Assessed
; and 1 more
Assessment Objectives (7)
-
3.6.1[a]Not Yet AssessedDetermine if: an operational incident-handling capability is established.
Update objective finding / evidence
-
3.6.1[b]Not Yet AssessedDetermine if: the operational incident-handling capability includes preparation.
Update objective finding / evidence
-
3.6.1[c]Not Yet AssessedDetermine if: the operational incident-handling capability includes detection.
Update objective finding / evidence
-
3.6.1[d]Not Yet AssessedDetermine if: the operational incident-handling capability includes analysis.
Update objective finding / evidence
-
3.6.1[e]Not Yet AssessedDetermine if: the operational incident-handling capability includes containment.
Update objective finding / evidence
-
3.6.1[f]Not Yet AssessedDetermine if: the operational incident-handling capability includes recovery.
Update objective finding / evidence
-
3.6.1[g]Not Yet AssessedDetermine if: the operational incident-handling capability includes user response activities.
Update objective finding / evidence
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Incident response policy; contingency planning policy; procedures addressing incident handling; procedures addressing incident response assistance; incident response plan; contingency plan; security plan; procedures addressing incident response training; incident response training curriculum; incident response training materials; incident response training records; other relevant documents or records].
Interview: [SELECT FROM: Personnel with incident handling responsibilities; personnel with contingency planning responsibilities; personnel with incident response training and operational responsibilities; personnel with incident response assistance and support responsibilities; personnel with access to incident response support and assistance capability; personnel with information security responsibilities].
Test: [SELECT FROM: Incident-handling capability for the organization; organizational processes for incident response assistance; mechanisms supporting or implementing incident response assistance].
IR.L2-3.6.2
DoD Weight: 5
Deduction: -5
Basic
Not Yet Assessed
Requirement: Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.
MET gate: This control cannot be marked MET until every child objective is MET.
Blocking objective statuses:
3.6.2[a] = Not Yet Assessed;
3.6.2[b] = Not Yet Assessed;
3.6.2[c] = Not Yet Assessed;
3.6.2[d] = Not Yet Assessed;
3.6.2[e] = Not Yet Assessed;
3.6.2[f] = Not Yet Assessed
Assessment Objectives (6)
-
3.6.2[a]Not Yet AssessedDetermine if: incidents are tracked.
Update objective finding / evidence
-
3.6.2[b]Not Yet AssessedDetermine if: incidents are documented.
Update objective finding / evidence
-
3.6.2[c]Not Yet AssessedDetermine if: authorities to whom incidents are to be reported are identified.
Update objective finding / evidence
-
3.6.2[d]Not Yet AssessedDetermine if: organizational officials to whom incidents are to be reported are identified.
Update objective finding / evidence
-
3.6.2[e]Not Yet AssessedDetermine if: identified authorities are notified of incidents.
Update objective finding / evidence
-
3.6.2[f]Not Yet AssessedDetermine if: identified organizational officials are notified of incidents.
Update objective finding / evidence
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Incident response policy; procedures addressing incident monitoring; incident response records and documentation; procedures addressing incident reporting; incident reporting records and documentation; incident response plan; security plan; other relevant documents or records].
Interview: [SELECT FROM: Personnel with incident monitoring responsibilities; personnel with incident reporting responsibilities; personnel who have or should have reported incidents; personnel (authorities) to whom incident information is to be reported; personnel with information security responsibilities].
Test: [SELECT FROM: Incident monitoring capability for the organization; mechanisms supporting or implementing tracking and documenting of system security incidents; organizational processes for incident reporting; mechanisms supporting or implementing incident reporting].
IR.L2-3.6.3
DoD Weight: 1
Deduction: -1
Basic
Not Yet Assessed
Requirement: Test the organizational incident response capability.
MET gate: This control cannot be marked MET until every child objective is MET.
Blocking objective statuses:
3.6.3 = Not Yet Assessed
Assessment Objectives (1)
-
3.6.3Not Yet AssessedDetermine if: the incident response capability is tested.
Update objective finding / evidence
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Incident response policy; contingency planning policy; procedures addressing incident response testing; procedures addressing contingency plan testing; incident response testing material; incident response test results; incident response test plan; incident response plan; contingency plan; security plan; other relevant documents or records].
Interview: [SELECT FROM: Personnel with incident response testing responsibilities; personnel with information security responsibilities].