3.6.3

Requirement

Test the organizational incident response capability.

Discussion

Organizations test incident response capabilities to determine the effectiveness of the capabilities and to identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, simulations (both parallel and full interrupt), and comprehensive exercises. Incident response testing can also include a determination of the effects on organizational operations (e.g., reduction in mission capabilities), organizational assets, and individuals due to incident response. [SP 800-84] provides guidance on testing programs for information technology capabilities.

More Info

Family

Incident Response
DoD Scoring Methodology Points

1

Related CMMC ID

IR.L2-3.6.3
Related NIST 800-53 ID

IR-3
Reference Documents
- NIST SP 800-84

NIST 800-171A Assessment Guidance

Examine

[SELECT FROM: Incident response policy; contingency planning policy; procedures addressing incident response testing; procedures addressing contingency plan testing; incident response testing material; incident response test results; incident response test plan; incident response plan; contingency plan; security plan; other relevant documents or records].
Interview

[SELECT FROM: Personnel with incident response testing responsibilities; personnel with information security responsibilities].
Test

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!