IR-06 Incident Reporting

Control: The organization promptly reports incident information to appropriate authorities.

Supplemental Guidance: The types of incident information reported, the content and timeliness of the reports, and the list of designated reporting authorities or organizations are consistent with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance. Organizational officials report cyber security incidents to the United States Computer Emergency Readiness Team (US-CERT) at http://www.us-cert.gov within the specified timeframe designated in the US-CERT Concept of Operations for Federal Cyber Security Incident Handling. In addition to incident information, weaknesses and vulnerabilities in the information system are reported to appropriate organizational officials in a timely manner to prevent security incidents. NIST Special Publication 800-61 provides guidance on incident reporting.

Control Enhancements: (1) The organization employs automated mechanisms to assist in the reporting of security incidents.

Baseline: LOW IR-6; MOD IR-6 (1); HIGH IR-6 (1)

Family: Incident Response

Class: Operational

ISO 17799 mapping: 6.1.6, 6.2.2, 6.2.3, 13.1.1, 13.1.2

COBIT 4.1 mapping: DS5.6

PCI-DSS v2 mapping: 12.9.1