IR.L2-3.6.1
IR.L2-3.6.1: Incident Handling
Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
IR.L2-3.6.2
IR.L2-3.6.2: Incident Reporting
Document and report confirmed incidents to internal leadership and external authorities as required
IR.L2-3.6.3
IR.L2-3.6.3: Test Incident Response
Test your incident response capability at least annually to ensure your team can execute the plan when a real incident occurs.