HITRUST CSF 11.0 Information Security Incident Management

The HITRUST Common Security Framework (CSF) reports provide available documentation and compliance artifacts that help you demonstrate compliance with HITRUST CSF control categories, as outlined in the HITRUST Risk Management Framework.

The HITRUST CSF 11.0 Information Security Incident Management report describes how to access security event and incident reporting features in the Alert Logic console that help demonstrate compliance with Control Category 11.0.

To access the HITRUST CSF 11.0 report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under HITRUST CSF, click VIEW.
  4. Click HITRUST CSF 11.0 Information Security Incident Management.

The report summary page displays two columns. Control References lists each procedure that is required to meet the selected control objective. Available Documentation and Artifacts describes, and contains links to, the documentation and compliance artifacts that can demonstrate compliance with each control objective.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available Documentation and Artifacts

This report provides access to features in the Alert Logic console that help you demonstrate compliance with the following control objectives in Control Category 11.0:

  • 11.01 Reporting Information Security Incidents and Weaknesses
  • 11.02 Management of Information Security Incidents and Improvements

Control Objective 11.01 Reporting Information Security Incidents and Weaknesses

This section of the report includes documentation and artifacts that help you demonstrate compliance with Control Objective 11.01 Reporting Information Security Incidents and Weaknesses. This control objective requires you to handle information security events and weaknesses associated with information systems in a manner allowing timely corrective action to be taken.

Control Reference 11.a (Level 1 Implementation Requirements)

Compliance with Control Reference 11.a Reporting Information Security Events requires you to establish formal procedures for reporting information security events as well as establish an incident response and escalation procedure.

You must also establish a point of contact for the reporting of information security events.

This report section provides the following links for quick access to appropriate pages in the Alert Logic console that illustrate compliance with requirements for Control Reference 11.a:

  • Event analysis findings in the Threats group of the Reports page to review summary, distribution, and trending data for security events detected across your environment.
  • Current contacts for Incident Notifications in your organization. From this page, you can gather information about the incident notifications that are configured and their recipients.

Control Objective 11.02 Management of Information Security Incidents and Improvements

Control Objective 11.02 Management of Information Security Incidents and Improvements requires you to ensure a consistent and effective approach to the management of information security incidents.

This section of the report includes documentation and artifacts that help you demonstrate that you have implemented procedures to ensure compliance with these Control References:

  • 11.c Responsibilities and Procedures
  • 11.d Learning from Information Security Incidents

Control Reference 11.c (Level 1 Implementation Requirements)

Compliance with Control Reference 11.c Responsibilities and Procedures requires you to implement an incident handling capability for security incidents that includes detection and analysis, containment, eradication, and recovery (including public relations and reputation management).

You must also establish a program of business processes and technical measures to triage security-related events and handle different types of information security incidents as outlined in the HITRUST Risk Management Framework.

This report section provides a link to the current contacts for Incident Notifications in the Alert Logic console for your organization. From this page, you can gather information about the incident notifications that are configured and their recipients to demonstrate compliance with requirements for Control Reference 11.c.

Control Reference 11.d (Level 1 Implementation Requirements)

Compliance with Control Reference 11.d Learning from Information Security Incidents requires you to use information gained from the evaluation of information security incidents to identify recurring or high-impact incidents and update the incident response and recovery strategy.

Mechanisms must also be in place to monitor and quantify the types, volumes, and costs of information security incidents.

This report section provides a link to incident analysis findings in the Threats group of the Reports page in the Alert Logic console to review summary, distribution, and trending data for security incidents detected across your environment.