CMMC 1.0 Practice IR.2.096 Requirement:
Develop and implement responses to declared incidents according to predefined procedures.
CMMC 1.0 IR.2.096 Requirement Explanation:
By documenting incident responses for common incidents can quickly respond to incidents as they occur.
Example CMMC 1.0 IR.2.096 Implementation:
Document procedures for responding to common security incidents. Common security incidents include phishing attacks, malware infections, and policy violations by employees. Responses to incidents generally include actions to contain damage, communicating the incident to users, deploying additional security controls and communicating with key stakeholders.
CMMC 1.0 IR.2.096 Scenario(s):
- Scenario 1:
A user has reported receiving a phishing email containing a malicious file. You use your documented procedures to respond to this common security incident. Your procedures include black listing the domain of the malicious email and sending an email to your employees warning them of the attack.