>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IR-6Incident Reporting

PBMM (P2)
Secret (P2)
Operational

>Control Description

(A) The organization requires personnel to report suspected security incidents to the organizational incident response capability within organization-defined time period. (B) The organization reports security incident information to organization-defined authorities.

>Supplemental Guidance

The intent of this control is to address both specific incident reporting requirements within an organization and the formal incident reporting requirements for GC departments or agencies and their subordinate organizations. Suspected security incidents include, for example, the receipt of suspicious email communications that can potentially contain malicious code. The types of security incidents reported, the content and timeliness of the reports, and the designated reporting authorities reflect applicable GC legislation and TBS policies, directives and standards.

Related controls: IR-4, IR-5, IR-8

Ask AI

Configure your API key to use AI features.