• Requirement

    Implement a configurable capability to automatically disable the system if [Assignment: organization-defined security violations] are detected.

  • Discussion

    Organizations consider whether the capability to automatically disable the system conflicts with continuity of operations requirements specified as part of CP-2 or IR-4(3). Security violations include cyber-attacks that have compromised the integrity of the system or exfiltrated organizational information and serious errors in software programs that could adversely impact organizational missions or functions or jeopardize the safety of individuals.

More Info

  • Title

    Incident Handling | Automatic Disabling of System
  • Family

    Incident Response
  • Related NIST 800-53 ID

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!