zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-01 15:34:53 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/ir-2.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

3 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

ir-2 - [catalog] Incident Response Training

Control Statement

  • [a] Provide incident response training to system users consistent with assigned roles and responsibilities:

    • [1] Within time period of assuming an incident response role or responsibility or acquiring system access;
    • [2] When required by system changes; and
    • [3] frequency thereafter; and

  • [b] Review and update incident response training content frequency and following events.

Control guidance

Incident response training is associated with the assigned roles and responsibilities of organizational personnel to ensure that the appropriate content and level of detail are included in such training. For example, users may only need to know who to call or how to recognize an incident; system administrators may require additional training on how to handle incidents; and incident responders may receive more specific training on forensics, data collection techniques, reporting, system recovery, and system restoration. Incident response training includes user training in identifying and reporting suspicious activities from external and internal sources. Incident response training for users may be provided as part of AT-2 or AT-3 . Events that may precipitate an update to incident response training content include, but are not limited to, incident response plan testing or response to an actual incident (lessons learned), assessment or audit findings, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.

Control assessment-objective

incident response training is provided to system users consistent with assigned roles and responsibilities within time period of assuming an incident response role or responsibility or acquiring system access; incident response training is provided to system users consistent with assigned roles and responsibilities when required by system changes; incident response training is provided to system users consistent with assigned roles and responsibilities frequency thereafter; incident response training content is reviewed and updated frequency; incident response training content is reviewed and updated following events.

What is the solution and how is it implemented?

Implementation a.

Add control implementation description here for item ir-2_smt.a

Implementation b.

Add control implementation description here for item ir-2_smt.b