IR.5.108 Establish and maintain a cyber incident response team that can investigate an issue physically or virtually at any location within 24 hours.

CMMC Practice IR.5.108: Establish and maintain a cyber incident response team that can investigate an issue physically or virtually at any location within 24 hours.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

An organization must have a team of individuals available to respond to a security incident within 24 hours. In the event of an incident the incident response team may need access to the network device or endpoint to investigate potential incidents. The response team may be able to perform the investigation virtually, or triage and quarantine virtually until local personnel can assist. The response team coordinates with information technology help desk personnel, system administrators, and physical security as appropriate to respond to an incident.