
NIST 800-171 | INCIDENT RESPONSE


Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations


Safeguarding Controlled Unclassified Information (CUI) when working with a federal customer is critical to federal agencies and can directly impact your business. NIST SP 800-171 provides recommended minimal controls for protecting CUI. The requirements apply to all of the non-federal systems that process, store, or transmit CUI, or provide security protection for such components.


Requirements are specifically broken out into "Families" with sub-requirements underneath each family.



Incident Response


3.6.1 Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.


Organizations recognize that incident handling capability is dependent on the capabilities of organizational systems and the mission/business processes being supported by those systems.


Organizations consider incident handling as part of the definition, design, and development of mission/business processes and systems.


Incident-related information can be obtained from a variety of sources.


As part of user response activities, incident response training is provided by organizations and is linked directly to the assigned roles and responsibilities of organizational personnel to ensure that the appropriate content and level of detail is included in such training.


Incident response training includes user training in the identification/reporting of suspicious activities from external and internal sources.


NIST Special Publication 800-61 provides guidance on incident handling.


NIST Special Publications 800-86 and 800-101 provide guidance on integrating forensic techniques into incident response.



3.6.2 Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization.


Tracking and documenting system security incidents includes:

  • Maintaining records about each incident, the status of the incident, and other pertinent information necessary for forensics

  • Evaluating incident details, trends, and handling


Incident information can be obtained from a variety of sources, including:

  • Incident reports

  • Incident response teams

  • Audit monitoring

  • Network monitoring

  • Physical access monitoring

  • User/administrator reports


Reporting incidents addresses specific incident reporting requirements within an organization and the formal incident reporting requirements for the organization.


Suspected security incidents may also be reported and include, for example, the receipt of suspicious email communications that can potentially contain malicious code.


NIST Special Publication 800-61 provides guidance on incident handling.



3.6.3 Test the organizational incident response capability.


Organizations test incident response capabilities to determine the overall effectiveness of the capabilities and to identify potential weaknesses or deficiencies.


Incident response testing includes:

  • The use of checklists

  • Walk-through or tabletop exercises

  • Simulations

  • Comprehensive exercises


Incident response testing can also include a determination of the effects on organizational operations, organizational assets, and individuals due to incident response.


NIST Special Publication 800-84 provides guidance on testing programs for information technology capabilities.



For further information and a demo, please contact us:



info@ignyteplatform.com | 1.833.IGNYTE1

Ignyte © 2020 All Rights Reserved. Ignyte Assurance Platform, Privacy Policy and Terms of Service.