IR-2(3)

Requirement

Provide incident response training on how to identify and respond to a breach, including the organization’s process for reporting a breach.

Discussion

For federal agencies, an incident that involves personally identifiable information is considered a breach. A breach results in the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or a similar occurrence where a person other than an authorized user accesses or potentially accesses personally identifiable information or an authorized user accesses or potentially accesses such information for other than authorized purposes. The incident response training emphasizes the obligation of individuals to report both confirmed and suspected breaches involving information in any medium or form, including paper, oral, and electronic. Incident response training includes tabletop exercises that simulate a breach. See IR-2(1).

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: Incident response policy; contingency planning policy; procedures addressing incident response testing; procedures addressing contingency plan testing; incident response testing material; incident response test results; incident response test plan; incident response plan; contingency plan; system security plan; privacy plan; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel with incident response training responsibilities; organizational personnel with information security and privacy responsibilities].

ID	Assessment Objectives
IR-02(03)[01]	incident response training on how to identify and respond to a breach is provided;
IR-02(03)[02]	incident response training on the organizationís process for reporting a breach is provided.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!