Ready to get compliant?

Show Me How
Talk To Us

NIST SP 800-171 Requirement 3.6: Incident Response

The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Register Supplement (DFARS) standards. The sixth of the 14 Families of Requirements for NIST 800-171 compliance is incident response. 

What is Incident Response in Terms of NIST 800-171?

The purpose of this family of requirements is to establish the goals and the vision for the incident response process by clearly defining what is considered a breach, roles and responsibilities of the incident response team, reporting requirements, remediation and after action review. 

A business must maintain a contingency plan and prove that system users know what to do and how to report an incident, as well as regularly test the response capability. In the event of an incident, every second counts. This means ensuring timely identification of, and an adequate response to a cybersecurity incident, as well as reporting the incident to official authorities is paramount. This guideline family requires appropriate detection and alerting, as well as policy and plan preparation. Incident response has 3 requirements. 2 Basic and 1 Derived. 

Basic Requirements

  • 3.6.1 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
  • 3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.


Derived Requirements

  • 3.6.3 Test the organizational incident response capability.


For a guide on incident response check out SP 800-61. To learn more about NIST SP 800-171 Compliance please visit NIST.SP.800-171r2.pdf and be sure to review the assessment guide:SP 800-171A, Assessing Security Requirements for CUI | CSRC

NeQter Labs can assist you with building the foundation for your cyber security and compliance program. By combining SIEM, vulnerability scanning, inventory and documentation into a single platform, NeQter allows you to get a jump start on your DFARS-7012/NIST 800-171/CMMC compliance project. Our extensive partner network ensures that no matter what, we can assist you with all your compliance needs. Contact us here.

Keep up with our latest content by following NeQter Labs on Twitter, Facebook, LinkedIn, and Youtube

Related Posts

Talk To Us