Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.
Test the organizational incident response capability.
Establish and maintain a security operations center capability that operates 24/7, with allowance for remote/on-call staff.
Establish and maintain a cyber incident response team that can be deployed by the organization within 24 hours.
Perform maintenance on organizational systems.
Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.
Ensure equipment removed for off-site maintenance is sanitized of any CUI.
Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.
Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.
Supervise the maintenance activities of maintenance personnel without required access authorization.