NIST 800-171 Incident Reporting Compliance Requirements
PurpleSec is a veteran owned & led cyber security company specializing in penetration testing and vulnerability management.

One thing is hard to argue in today’s complex cyber world:

Cyber incidents are part of doing business.

Chances are, your organization’s data will be—or already has been—breached.

With 92% of malware being delivered by email, it’s no surprise that cyber incidents that expose sensitive data are spreading like wildfire.

Most organizations focus on mitigation: you remove viruses, launch employee “don’t click” training programs, and try to secure your network from hackers.

But what is your organization doing to be ready when the inevitable happens?

In this article, I’m going to explain what an incident response plan is and discuss NIST incident response requirements.

By the end, you’ll have a better understanding of incident reporting and compliance requirements, how they apply to NIST, and what DoD contractors are required to report in the event of a cyber incident.

What Is An Incident Response Plan?

Are you prepared to successfully respond to incidents, whether they stem from malware, denial-of-service (DoS) attacks, stolen passwords, or lost laptops?

It’s one thing to have security efforts in place to protect your data, but it’s another to have incident response planning in place.

An incident response plan is a set of instructions designed to help IT staff identify, respond to, and recover from a security incident.

This plan refers to the scope of measures to be taken during an incident, not to the details of the incident itself.

An incident response plan is the set of instructions that the response team follows when an event occurs.

The purpose of an incident response plan is to protect sensitive data from a security breach, just as contingency plans are used to ensure the continuity of business processes and services during a malfunction.

NIST Incident Response Requirements

Incident response is one of the 14 requirements outlined in the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171—Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations, and enforced by the U.S. Department of Defense (DoD).

If your organization contracts for the government, you must implement all 14 of these requirements and security controls.

Simply put, if you do not comply, you risk losing your contracts, costing your organization millions of dollars in lost revenue.

In the article “Are You Ready for NIST 800-171 Compliance Marathon?”, I walked through the NIST 800-171 security requirements. Now, I will cover the compliance requirements for incident reporting.

What Is A Cyber Incident?

A cyber incident is defined as actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.

