SAMMY UI is optimized for resolutions with a width 1024px and higher.
CIS Critical Security Controls
Browse CIS Critical...
17,1: Designate Personnel to Manage Incident Handling
17,2: Establish and Maintain Contact Information for Reporting Security Incidents
17,3: Establish and Maintain an Enterprise Process for Reporting Incidents
17,4: Establish and Maintain an Incident Response Process
17,5: Assign Key Roles and Responsibilities
17,6: Define Mechanisms for Communicating During Incident Response
17,7: Conduct Routine Incident Response Exercises
17,8: Conduct Post-Incident Reviews
17,9: Establish and Maintain Security Incident Thresholds
Designate Personnel to Manage Incident Handling
17,1: Designate Personnel to Manage Incident Handling
Policy defined
Not applicable - Not applicable
None - None
Informal - Informal
Partially written - Partially written
Written - Written
Approved and communicated - Approved and communicated
Control implemented
Not applicable - Not applicable
Not implemented - Not implemented
Parts of policy implemented - Parts of policy implemented
Implemented on some systems - Implemented on some systems
Implemented on most systems - Implemented on most systems
Implemented on all systems - Implemented on all systems
Control automated
Not applicable - Not applicable
Not automated - Not automated
Parts of policy automated - Parts of policy automated
Automated on some systems - Automated on some systems
Automated on most systems - Automated on most systems
Automated on all systems - Automated on all systems
Control reported
Not applicable - Not applicable
Not reported - Not reported
Parts of policy reported - Parts of policy reported
Reported on some systems - Reported on some systems
Reported on most systems - Reported on most systems
Reported on all systems - Reported on all systems
Description

Designate one key person, and at least one backup, who will manage the enterprise’s incident handling process. Management personnel are responsible for the coordination and documentation of incident response and recovery efforts and can consist of employees internal to the enterprise, third-party vendors, or a hybrid approach. If using a third-party vendor, designate at least one person internal to the enterprise to oversee any third-party work. Review annually, or when significant enterprise changes occur that could impact this Safeguard.