FedRAMP Control Explorer

Controls

Access Control

Assessment, Authorization, and Monitoring

Audit and Accountability

Awareness and Training

Configuration Management

Contingency Planning

Identification and Authentication

Incident Response

Maintenance

Media Protection

Personnel Security

Physical and Environmental Protection

Planning

Risk Assessment

Supply Chain Risk Management

System and Communications Protection

System and Information Integrity

System and Services Acquisition

IR-6 Incident Reporting

Control

Require personnel to report suspected incidents to the organizational incident response capability within [US-CERT incident reporting timelines as specified in NIST Special Publication 800-61 (as amended)] ; and

Report incident information to [Assignment: organization-defined authorities].

Discussion

The types of incidents reported, the content and timeliness of the reports, and the designated reporting authorities reflect applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Incident information can inform risk assessments, control effectiveness assessments, security requirements for acquisitions, and selection criteria for technology products.

FedRAMP-Defined Assignment / Selection Parameters

IR-6 (a) [US-CERT incident reporting timelines as specified in NIST Special Publication 800-61 (as amended)] - time period for personnel to report suspected incidents to the organizational incident response capability is defined;