RS.CO-03:

Information is shared with designated internal and external stakeholders

Implementation Examples

Ex1:

Securely share information consistent with response plans and information sharing agreements

Ex2:

Voluntarily share information about an attacker's observed TTPs, with all sensitive data removed, with an Information Sharing and Analysis Center (ISAC)

Ex3:

Notify HR when malicious insider activity occurs

Ex4:

Regularly update senior leadership on the status of major incidents

Ex5:

Follow the rules and protocols defined in contracts for incident information sharing between the organization and its suppliers

Ex6:

Coordinate crisis communication methods between the organization and its critical suppliers

Frameworks and Controls

NIST Cybersecurity Framework V2.0

GV: Govern
ID: Identify
PR: Protect
DE: Detect
RS: Respond
RC: Recover

CMMC Level 1

NIST SP 800-171
- CMMC Level 2 - NIST SP 800-171 r2
CMMC Level 3

RS.CO-03:

Information is shared with designated internal and external stakeholders

Implementation Examples

Ex1:

Ex2:

Ex3:

Ex4:

Ex5:

Ex6:

Peaches.Cloud

Quick Links

Contact

Support Our Research