>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IR-1Policy and Procedures

>Control Description

a

Develop, document, and disseminate to all personnel when their unescorted logical or physical access to any information system results in the ability, right, or privilege to view, modify, or make use of unencrypted CJI: (a) Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and

1.

Agency-level incident response policy that:

2.

Procedures to facilitate the implementation of the incident response policy and the associated incident response controls;

b

Designate an individual with security responsibilities to manage the development, documentation, and dissemination of the incident response policy and procedures; and

c

Review and update the current incident response: 3

1.

Policy annually and following any security incidents involving unauthorized access to CJI or systems used to process, store, or transmit CJI; and

2.

Procedures annually and following any security incidents involving unauthorized access to CJI or systems used to process, store, or transmit CJI.

>Cross-Framework Mappings

SCF

IRO-01
Compare
IRO-04.2
Compare
IRO-13
Compare

Ask AI

Configure your API key to use AI features.