Specifications include, but are not limited to: • Preliminary Incident Response Report, which shall be provided no later than five (5) business days after beginning the PFI investigation. The report shall include: o Identify of the reporting agency; o Identity of the lead investigator; o Date of report; o Breach of evidence; o First confirmed date that the intruder or malware entered the network; o Scope of the forensic investigation; o Type of date; o Initial thoughts on attacker; o If the breach was contained, how it was contained and when it was contained; and o Estimated date of investigation completion. • Final Incident Response Report, which shall be provided no later than ten (10) business days after completion of the PFI investigation. The report shall include: o Identify of the reporting agency; o Identity of the lead investigator; o Identify of all third parties included in the investigation; o Start date of investigation; o Date of report; o Breach of evidence.
