Incident Response - Level 2
CMMC IR.2.097 - Perform Root Cause Analysis on Incidents
Requirement text: IR.2.097: Perform root cause analysis on incidents to determine underlying causes. DISCUSSION FROM SOURCE: CERT RMM V1.2 Post-incident review is a formal part of the incident closure process. The organization conducts a formal ...
CMMC IR.2.096 - Develop Incident Response Procedures
Requirement text: IR.2.096: Develop and implement responses to declared incidents according to predefined procedures. DISCUSSION FROM SOURCE: CERT RMM V1.2 Responding to an organizational incident is often dependent on proper advance planning by the ...
CMMC IR.2.094 - Analyze Security Events
Requirement text: IR.2.094: Analyze and triage events to support event resolution and incident declaration. DISCUSSION FROM SOURCE: CERT RMM V1.2 The triage of event reports is an analysis activity that helps the organization to gather additional ...
CMMC IR.2.093 - Detect and Report Events
Requirement text: IR.2.093: Detect and report events. DISCUSSION FROM SOURCE: CERT RMM V1.2 The monitoring, identification, and reporting of events are the foundation for incident identification and commence the incident life cycle. Events ...
CMMC IR.2.092 - Establish an Operational Incident-handling Capability
Requirement text: IR.2.092: Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. DISCUSSION FROM SOURCE: DRAFT NIST SP ...