CMMC Practice IR.L2-3.6.3

Test the organizational incident response capability.

Bold Coast Security Guidance

Tabletop exercises are the most common way to test your Incident Response Plan. Be sure to document your testing scenario, who was present, and any lessons learned for Plan improvement. Test can also provide needed training for your team members who are not normally concerned with technology, such as public relations and human resources. Testing should occur at least annually. To preserve peoples time and company resources, a "live" incident can often be substituted for a drill if there is full team involvement. Keep an eye out for industry led exercises which may be provided via conference calls in which larger scale scenarios and breach response information from government agencies are provided.
Security Catapult

Be prepared for CMMC

Our Q&A assessment tool is designed by security advisors for MSPs and DoD contractors of all sizes.

Try now for free

Understand your gaps
Security Catapult

Understand your gaps

See compliance gaps, compliance scores and proactive security tasks in a single interface.

Try now for free

Validate NIST SP 800-171
Security Catapult

Validate NIST SP 800-171

Based on your CMMC answers, we let you know where you stand on NIST.

Try now for free

Build a plan of action
Security Catapult

Build a plan of action

Track your burn down and stay on top of security needs.

Try now for free

Build your policy
Security Catapult

Build your policy

Say goodbye to maintaining a security policy. We do it for you.

Try now for free

Discussion From Source

DRAFT NIST SP 800-171 R2 Organizations test incident response capabilities to determine the effectiveness of the capabilities and to identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, simulations (both parallel and full interrupt), and comprehensive exercises. Incident response testing can also include a determination of the effects on organizational operations (e.g., reduction in mission capabilities), organizational assets, and individuals due to incident response.

References