1. APPENDIX B: INCIDENT RESPONSE CHECKLIST

APPENDIX B: INCIDENT RESPONSE CHECKLIST

Note**: the incident response playbook for incidents that involve confirmed malicious cyber activity for which a major incident has been declared or not yet been reasonably ruled out.

³⁵ OMB M-20-04

³⁶ CISA Services Catalog, First Edition: Autumn 2020

³⁷ CISA Federal Incident Notification Guidelines

³⁸ Per OMB M-20-04, appropriate analysis of whether the incident is a major incident will include the agency CIO, CISO, mission or system owners, and, if it is a breach, the Senior Agency Official for Privacy (SAOP). Regardless of the internal reporting chain of the organization, CISA must receive the major incident report within 1 hour of major incident declaration.

³⁹ OMB M-20-04

Table of Contents

• INTRODUCTION
• INCIDENT RESPONSE PLAYBOOK
• VULNERABILITY RESPONSE PLAYBOOK
• APPENDIX A - KEY TERMS
• APPENDIX B - INCIDENT RESPONSE CHECKLIST
• APPENDIX C - INCIDENT RESPONSE PREPARATION CHECKLIST
• APPENDIX E - VULNERABILITY AND INCIDENT CATEGORIES
• APPENDIX F - SOURCE TEXT
• APPENDIX G - WHOLE-OF-GOVERNMENT ROLES AND RESPONSIBILITIES