CMMC Level 2

Control 3.6.3

Test Incident Response Capability

CMMC-RP Certified Team 24+ Years Experience CMMC-AB RPO #1449

Official Requirement

Test the organizational incident response capability.

What This Means in Plain English

Your incident response plan must be tested regularly through tabletop exercises, simulations, or drills. Testing reveals gaps in the plan and ensures the team can execute effectively when a real incident occurs.

How Petronella Implements This Control

Petronella Technology Group implements this control through:

  • Quarterly tabletop exercises simulating various incident scenarios (ransomware, data breach, insider threat)
  • Annual full-scale incident response drill with all team members
  • Phishing simulation exercises testing user response and reporting procedures
  • Post-exercise after-action reviews identifying improvement areas
  • ComplianceArmor tracking exercise dates, participants, findings, and remediation actions

Assessment Guidance

Assessors will review records of incident response testing, verify that exercises are conducted at least annually, check that findings from exercises are used to improve the plan, and confirm that all team members participate in testing.

Common Implementation Gaps

  • Incident response plan never tested
  • Only tabletop exercises with no realistic simulations
  • Testing not conducted at least annually
  • Exercise findings not used to update the plan
  • Key personnel not included in testing

Cross-Framework Mapping

Framework | Mapped Controls
NIST SP 800-53 | IR-3, IR-3(2)
PCI DSS | Req 12.10.2 - Review and test the plan at least annually
By Craig Petronella
Founder, Petronella Technology Group | CMMC-RP (RPO #1449) | DFE #604180 | MIT-Certified in AI and Blockchain
Craig has helped North Carolina defense contractors prepare for CMMC assessments since 2002 and authored the CMMC 2.0 Certification Guide. Read the LinkedIn profile or verify the RPO listing at the CyberAB Marketplace.

Need Help Implementing 3.6.3?

Our CMMC-RP certified team can assess your current compliance posture and build a remediation plan.
