CMMC Domain IR Incident Response

Develop a plan to prepare for a security incident before it occurs.

IR.3.099
Test the organizational incident response capability.
IR.5.106
In response to cyber incidents, utilize forensic data gathering across impacted systems, ensuring the secure transfer and protection of forensic data.
IR.2.094
Analyze and triage events to support event resolution and incident declaration.
IR.2.097
Perform root cause analysis on incidents to determine underlying causes.
IR.4.100
Use knowledge of attacker tactics, techniques, and procedures in incident response planning and execution.
IR.2.093
Detect and report events.
IR.5.108
Establish and maintain a cyber incident response team that can investigate an issue physically or virtually at any location within 24 hours.
IR.3.098
Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.
IR.5.110
Perform unannounced operational exercises to demonstrate technical and procedural responses.
IR.2.096
Develop and implement responses to declared incidents according to predefined procedures.
IR.2.092
Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
IR.5.102
Use a combination of manual and automated, real-time responses to anomalous activities that match incident patterns.
IR.4.101
Establish and maintain a security operations center capability that facilitates a 24/7 response capability.