Basic Security Requirements:
6.1 Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.
6.2 Track, document, and report incidents to appropriate officials and/or authorities both internal and external to the organization.
Derived Security Requirements:
6.3 Test the organizational incident response capability.