IR.L2-3.6.1
Also known as: Incident handling capability requirement
The NIST SP 800-171 requirement that mandates the contractor establish an operational incident-handling capability.
IR.L2-3.6.1 requires the contractor to 'establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.' It is the foundational requirement of the IR family.
In practice, this means a documented incident response plan, an identified incident response team, training for the team, tooling for detection and containment, and a tested workflow for moving an incident from initial detection to closure.
A C3PAO will review the IR plan, verify the team members exist and have been trained, ask for evidence of the most recent tabletop exercise, and walk through the DIBNet 72-hour reporting workflow that DFARS 252.204-7012 requires.