CMMC Practice IR.3.098: Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Incident response is the process an organization executes to manage the consequences of a security breach or cyberattack and to reduce the resulting risk. The majority of the process consists of identification, containment, eradication, and recovery of the incident. During this process it is essential for an organization to track the work processes required to respond effectively. The organization should designate a central hub to serve as the point to coordinate, communicate, and track activities. The hub should receive and document information from system administrators, incident handlers, and others involved throughout the process. As the incident process moves toward eradication, the organization’s executives, affected business units, and any required external stakeholders should be kept aware of the incident in order to make decisions affecting the business. Designated staff members should also be assigned to work with executives to provide communications outside the organization in the event they are needed.