Report system vulnerabilities associated with reported incidents to [Assignment: organization-defined personnel or roles].
| ID | Name | Description | D3FEND | |
| ID | Description | |
| Requirement | Rationale/Additional Guidance/Notes |
|---|---|
| The [organization] includes security awareness training on recognizing and reporting potential indicators of insider threat.{AT-2(2),IR-4(6),IR-6,IR-6(2),PM-16} | |
| The [organization] shall provide training to its personnel on how to identify and respond to malicious code indicators to include but not limited to indicators of potentially malicious code in flight software, indicators from development machine’s anti-virus/anti-malware software of potential malicious code, and to recognize suspicious communications and anomalous behavior in [organization] information systems.{AT-3(4),IR-6,IR-6(2),SI-4(24)} | |
| The [organization] shall define processes and procedures to be followed when integrity verification tools detect unauthorized changes to software, firmware, and information.{SV-IT-2}{CM-3,CM-3(1),CM-3(5),CM-5(6),CM-6,CP-2,IR-6,IR-6(2),PM-30,SC-16(1),SC-51,SI-3,SI-4(7),SI-4(24),SI-7,SI-7(7),SI-7(10)} | |
| The [organization] shall report counterfeit information system components to [organization] officials. {SV-SP-4}{IR-6,IR-6(2),PM-30,SA-19,SR-11} | |
| The [organization] shall report identified systems or system components containing software affected by recently announced cybersecurity-related software flaws (and potential vulnerabilities resulting from those flaws) to [organization] officials with cybersecurity responsibilities.{SV-SP-1,SV-SP-3,SV-SP-6,SV-SP-7,SV-SP-11}{IR-6,IR-6(2),SI-2,SI-3,SI-4(12),SR-4(4)} | |
| The [organization] shall employ automated tools that provide notification to ground operators upon discovering discrepancies during integrity verification.{CM-3(5),CM-6,IR-6,IR-6(2),SA-8(21),SC-51,SI-3,SI-4(7),SI-4(12),SI-4(24),SI-7(2)} |
| ID | Name | Description | |
|---|---|---|---|