IncidentResponsev2
Integrate Additional Support Task
Conditions
Given a mission to deploy IR Team in support of Guardnet or State IT systems
Scope exceeds IR Team capabilities or escalates to Federal response levels
Standards
Coordinate with JAG/Cyber Legal for inclusion of T10 forces
Confirm Dual Status Commander requirement
Establish T10 and IR team coordination
Review and establish Rules for Use of Cyber (RUC)
Coordinate daily integration operations (Battle Rhythm)
Coordinate immediately on any legal concerns
Procedural Steps (Checklist)
Coordinate Legal Inclusion of T10 Forces
Notify legal team of operational scope change.
Request review for integration of federal assets.
Document authorities and jurisdictional considerations.
Confirm Dual Status Commander Requirement
Escalate to TAG (Adjutant General) for determination.
Assign liaison officer for Dual Status Commander coordination.
Document appointment and roles.
Coordinate T10 Arrival and Integration
Notify State Joint Operations Center (JOC) upon arrival.
Conduct joint in-brief and mission sync.
Assign partner liaison roles.
Establish Battle Rhythm and Integration
Define daily brief and debrief schedule.
Align reporting formats.
Create shared communication channels (Teams, SIPR, Signal).
Update Rules for Use of Cyber (RUC)
Engage JAG to review and update RUC.
Brief all teams on updated RUC.
Document RUC in mission folder.
Coordinate Legal Issues
Set direct contact protocols with JAG for urgent legal matters.
Immediately notify JAG of any actual or perceived illegal activities.
Suspend relevant operations pending review.
Tools
MS Teams or Slack for coordination
SharePoint or Confluence for documentation
Email/DTS for official correspondence
References
NIST Cyber Security Framework
NIST SP 800-61r2: Computer Security Incident Handling Guide
Revision History
Date
Version
Description
Author
2025-05-02
1.0
Expanded procedural checklist for integration
Leo