IR.2.096 Develop and implement responses to declared incidents according to pre-defined procedures.

CMMC Practice IR.2.096: Develop and implement responses to declared incidents according to pre-defined procedures.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Write procedures ahead of time to use when responding to incidents. These procedures will help guide the development and implementation of responses during an incident. Responses should prevent or contain the impact of an incident while it is occurring or shortly after. The type of response will vary depending on the incident. Response actions might include:

  • stopping or containing the damage (e.g., by taking hardware or systems offline);
  • communicating to users (e.g., avoid opening a specific type of email message);
  • communicating to stakeholders (e.g., corporate management); and
  • implementing controls (e.g., updating access control lists).