← Back to catalog
IR-6
Incident Reporting
Incident Response (IR)
Baselines
Low · IncludedModerate · IncludedHigh · Included
Description
Require personnel to report suspected incidents to the organizational incident response capability within [assignment] ; and Report incident information to [assignment].
Discussion
The types of incidents reported, the content and timeliness of the reports, and the designated reporting authorities reflect applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Incident information can inform risk assessments, control effectiveness assessments, security requirements for acquisitions, and selection criteria for technology products.
Implementation guidance
No content available.
CSF 2.0 crosswalk
RC.CO-03Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholdersRecover
RS.AN-06Actions performed during an investigation are recorded, and the records' integrity and provenance are preservedRespond
RS.AN-07Incident data and metadata are collected, and their integrity and provenance are preservedRespond
RS.CO-02Internal and external stakeholders are notified of incidentsRespond
RS.CO-03Information is shared with designated internal and external stakeholdersRespond
RS.MA-01The incident response plan is executed in coordination with relevant third parties once an incident is declaredRespond
RS.MA-02Incident reports are triaged and validatedRespond
RS.MA-03Incidents are categorized and prioritizedRespond
RS.MA-04Incidents are escalated or elevated as neededRespond