Understanding CMMC 2.0 Incident Response PracticesTheIncident Response (IR) domaininCMMC 2.0 Level 2aligns withNIST SP 800-171, Section 3.6, which defines requirements forestablishing and maintaining an incident response capability.
The documentation provideddescribes an incident response capability that includes preparation, detection, analysis, containment, recovery, and user response activities.
IR.L2-3.6.1specifically requires organizations toestablish an incident handling processcovering:
Preparation
Detection & Analysis
Containment
Eradication & Recovery
Post-Incident Response
B. IR.L2-3.6.2: Incident Reporting (Incorrect)
Incident reporting focuses on reporting incidents to external parties (e.g., DoD, DIBNet),which isnot what the provided documentation describes.
C. IR.L2-3.6.3: Incident Response Testing (Incorrect)
Incident response testing ensures that the response process is regularly tested and evaluated,which isnot the primary focus of the documentation provided.
D. IR.L2-3.6.4: Incident Spillage (Incorrect)
Incident spillage specifically refers to CUI exposure or handling unauthorized CUI incidents,which isnot the scenario described.
The correct answer isA. IR.L2-3.6.1: Incident Handling, as the documentationattests to the establishment of an incident response capability.
[References:, CMMC 2.0 Level 2 Practices (NIST SP 800-171, Section 3.6), CMMC Assessment Process (CAP) Guide, , , ]
