CMMC Practice IR.L2-3.6.3 – Incident Response Testing: Test the organizational incident response capability.
Links to Publicly Available Resources
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Testing an organization’s incident response capability validates existing plans as well as highlight lapses or changes within the environment. The test should seek to address questions like what happens during an incident, who is responsible for incident management, what tasks are assigned within the IT organization, what support would be needed from legal, public affairs, or other business component, how are resources obtained if needed during the incident, and how is law enforcement involved. Any negative impactsto the normal day-to-day mission when responding to an incident should also be identified and documented.