
Contact affected parties to participate in forensic investigations, as necessary.


CONTROL ID: 12343
CONTROL TYPE: Communicate
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a digital forensic evidence framework. CC ID: 08652

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • In the event a follow-up action concerning a person or organization after an information security incident requires legal action, proper forensic procedures, including chain of custody, shall be required for the preservation and presentation of evidence to support potential legal action subject to t… (SEF-04, Cloud Controls Matrix, v3.0)
  • To support LE/CI investigations, the chain-of-custody of the captured data should be documented from end-to-end, person-to-person starting when the incident investigation begins. The individual that captures each piece or portion of the information initiates this documentation and each individual th… (Section 6.5.4.3 ¶ 2, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
  • Serve as a conduit of information from partner teams by identifying subject matter experts who can assist in the investigation of complex or unusual situations. (T0817, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Serve as a conduit of information from partner teams by identifying subject matter experts who can assist in the investigation of complex or unusual situations. (T0817, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)