IR-8(1)

  • Requirement

    Include the following in the Incident Response Plan for breaches involving personally identifiable information:

    1. A process to determine if notice to individuals or other organizations, including oversight organizations, is needed;
    2. An assessment process to determine the extent of the harm, embarrassment, inconvenience, or unfairness to affected individuals and any mechanisms to mitigate such harms; and
    3. Identification of applicable privacy requirements.
  • Discussion

    Organizations may be required by law, regulation, or policy to follow specific procedures relating to breaches, including notice to individuals, affected organizations, and oversight bodies; standards of harm; and mitigation or other specific requirements.

More Info

  • Title

    Incident Response Plan | Breaches
  • Family

    Incident Response
  • NIST 800-53B Baseline(s)

    • Privacy
  • Related NIST 800-53 ID

    PT-1; PT-2; PT-3; PT-4; PT-5; PT-7

NIST 800-53A Assessment Guidance
