
Incident Response Plan

Also known as: IR plan · IRP · Incident Response

A documented plan defining how the contractor detects, contains, eradicates, and recovers from cybersecurity incidents — including the 72-hour DIBNet reporting workflow.

An Incident Response Plan (IRP) is a documented plan that defines how the contractor detects, contains, eradicates, and recovers from cybersecurity incidents affecting the in-scope environment. NIST SP 800-171 Rev 2 includes seven Incident Response (IR) family requirements that obligate contractors to maintain such a plan and to test it.

For defense contractors handling CUI, the IRP must specifically address the DFARS 252.204-7012 72-hour reporting requirement: when an incident affecting CUI is discovered, the contractor must report it through the DIBNet portal within 72 hours, preserve compromised media, and cooperate with any subsequent DoD investigation.

A C3PAO will review the IRP and ask for evidence of: a recent tabletop exercise, the named incident response team and their training records, the DIBNet reporting workflow, and any actual incidents in the past 12-24 months and how they were handled.
