Collect Contact Information for your Incident Report
You need to be collecting the contact information of incident reporters and handlers.
Name of the person who reported the incident
Name of the person(s) who is handling the incident
Role/Title of the person who reported the incident
Role/Title of the person(s) who is handling the incident
Department/Team of the person who reported the incident
Department/Team of the person who is handling the incident
Email and phone of the person who reported the incident
Email and phone of the person who is handling the incident
Location (Office) of the person who reported the incident
Location (Office) of the person who is handling the incident
Collect Important Details on the Incident
Status change date/timestamps (including time zone): when the incident started, when the incident was discovered/detected, when the incident was reported, when the incident was resolved/ended, etc.
Physical location of the incident (e.g., office location, city, state)
Current status of the incident (e.g., ongoing attack)
Source/cause of the incident (if known), including hostnames and IP addresses
Description of the incident (e.g., how it was detected, what occurred)
Description of affected resources (e.g., networks, hosts, applications, data), including systems’ hostnames, IP addresses, and function
If known, incident category, vectors of attack associated with the incident, and indicators related to the incident (traffic patterns, registry keys, etc.)
Prioritization factors (functional impact, information impact, recoverability, etc.)
Mitigating factors (e.g., stolen laptop containing sensitive data was using full disk encryption)
Response actions performed (e.g., shut off host, disconnected host from network)
Other organizations contacted (e.g., software vendor)
Summary of the Incident Incident Handling Actions
List of evidence gathered
Cause of the Incident (e.g., misconfigured application, unpatched host)
Business Impact of the Incident
Cost of the Incident
Cybersecurity Maturity Model Certification (CMMC) Incident Response Requirements:
Companies with level 2 or higher CMMC requirements will need to have an incident response capability inplace. This includes being able to detect and respond to incidents, analyzing incidents, reporting incidents to relevant third parties (such as the DoD), testing incident response capabilities, and having plans in place to deal with common incidents.
If you would like more information on your cybersecurity maturity model certification (CMMC) related requirements reach out to us at email@example.com.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.