NIST 800-171 R-3.6.2
Track and Report Incidents
Official citation: 3.6.2
Class: core · Severity: high
Statement of the obligation — verify against source
3.6.2
What it means
Track, document, and report incidents to the designated internal and external officials or authorities. Keep records of each incident, its status, and the details needed for forensics and trend analysis, and report suspected incidents too (such as suspicious emails that may carry malicious code). The types of incidents reported, the content and timeliness of reports, and who they go to should reflect applicable laws, regulations, and policies.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.