IR-06 ยท Incident Reporting

Control Description

Require personnel to report suspected incidents to the organizational incident response capability within {{ insert: param, ir-06_odp.01 }} ; and Report incident information to {{ insert: param, ir-06_odp.02 }}.

Impact Baselines
Security baselines where this control applies
Not in any baseline
Control Properties
SP800-53
organization
Control Statement
The control requirements

a. Require personnel to report suspected incidents to the organizational incident response capability within {{ insert: param, ir-06_odp.01 }} ; and

b. Report incident information to {{ insert: param, ir-06_odp.02 }}.

Supplemental Guidance

The types of incidents reported, the content and timeliness of the reports, and the designated reporting authorities reflect applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Incident information can inform risk assessments, control effectiveness assessments, security requirements for acquisitions, and selection criteria for technology products.

Related NIST Controls
Other NIST 800-53 controls related to this one
CM-06
CP-02
IR-04
IR-05
IR-08
IR-09
References
Secure Technology Act [includes Federal Acquisition Supply Chain Security Act] (P.L. 115-390), December 2018.
"Federal Acquisition Supply Chain Security Act; Rule," 85 Federal Register 54263 (September 1, 2020), pp 54263-54271.
Department of Homeland Security, *US-CERT Federal Incident Notification Guidelines* , April 2017.
Cichonski PR, Millar T, Grance T, Scarfone KA (2012) Computer Security Incident Handling Guide. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-61, Rev. 2.