← Back to catalog
IR-2(3)

Breach

Incident Response (IR)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Provide incident response training on how to identify and respond to a breach, including the organization’s process for reporting a breach.

Discussion

For federal agencies, an incident that involves personally identifiable information is considered a breach. A breach results in the loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or a similar occurrence where a person other than an authorized user accesses or potentially accesses personally identifiable information or an authorized user accesses or potentially accesses such information for other than authorized purposes. The incident response training emphasizes the obligation of individuals to report both confirmed and suspected breaches involving information in any medium or form, including paper, oral, and electronic. Incident response training includes tabletop exercises that simulate a breach. See [IR-2(1)](#ir-2.1).

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.