This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization provides information spillage response training [Assignment: organization-defined frequency; FedRAMP Assignment: (H) at least annually].
NIST 800-53 (r4) Supplemental Guidance:
None.
References: None.
NIST 800-53 (r5) Discussion:
Organizations establish requirements for responding to information spillage incidents in incident response plans. Incident response training on a regular basis helps to ensure that organizational personnel understand their individual responsibilities and what specific actions to take when spillage incidents occur.
38North Guidance:
Meets Minimum Requirement:
Provides training on how to respond to information spills at the frequency FedRAMP requires: at least annually for High systems, and as defined by the organization for Moderate systems.
Best Practice:
Include information spillage response training in the general incident response training that is provided annually.
Unofficial FedRAMP Guidance: None.
Assessment Evidence:
Incident response plan or procedures
Copy of the information spillage response training, if it's provided separately
Training records showing which personnel have completed the training and on what dates
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD