IR - Domain Notes
CMMC Domain: IR
Status: Stub - populate as findings are gathered
General Notes
No specific firsthand accounts found yet in this research pass. Check lessons-learned.md and r-cmmc-summary.md for general guidance.
Related Posts to Investigate
Add specific Reddit threads and sources here as research continues.
Notes from Community Research
IR Generally
- IR (Incident Response) requires a documented IR plan
- Plan must be tested (exercises, tabletops)
- Document who to notify, when, how, and what you do with the system while investigating
- Assessors will ask if you've ever had an incident and how you responded - have a documented example or tabletop exercise record
CMMC-Specific
- CUI breaches may require notification to DoD - document the notification chain
- IR plan must reference CUI specifically, not just generic cybersecurity incidents