AC.L2-3.6.1[c] — Incident Response (Analysis)
Domain: Incident Response (IR) | Practice: IR.L2-3.6.1 | Objective ID: 3.6.1[c]
Assessment Objective: An operational incident-handling capability is established that includes analysis.
Develop analytical capabilities and procedures to assess the scope, impact, and root cause of detected incidents. Analysis informs appropriate response actions. For CUI-handling organizations, this objective is foundational under DFARS 252.204-7012 during CMMC Level 2 assessments.
Key Requirements: Documented control implementation in SSP, named control owner, analytical procedures for scope and impact assessment, monitoring mechanisms, documented review cadence with signed evidence, and defined remediation paths for gaps.
Tags: AC.L2-3.6.1[c], cmmc, level-2, domain-ir