IR.L2-3.6.2—Incident Reporting
Level 2
800-171: 3.6.2
Control Description
Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your policy for incident tracking and reporting?
- Who must be notified for different types of incidents?
- What are your timelines for reporting incidents to internal and external parties?
- How do you determine which incidents require external reporting (e.g., to DoD, FBI)?
- What is your process for documenting incident details and response actions?
Technical Implementation:
- What ticketing or case management system tracks incidents?
- What tools document incident details and timeline?
- How do you generate incident reports for internal/external stakeholders?
- What automated reporting capabilities exist?
- What tools support incident metrics and KPIs?
Evidence & Documentation:
- What incident response plan and procedures can you provide?
- What incident tracking records demonstrate incident handling?
- What incident reports show incidents were properly documented?
- What incident response test documentation shows capability testing?
- What evidence shows incident response team training?
- What notification records show required reporting occurred?