RECOVER
NIST CSF 2.0 RECOVER function — categories and subcategories.
Incident Recovery Communication
Restoration activities are coordinated with internal and external parties
RC.CO-01
Public relations are managed
RC.CO-02
Reputation is repaired after an incident
RC.CO-03
Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders
RC.CO-04
Public updates on incident recovery are shared using approved methods and messaging
Improvements
Improvements
RC.IM-01
Recovery plans incorporate lessons learned
RC.IM-02
Recovery strategies are updated
Incident Recovery Plan Execution
Restoration activities are performed to ensure operational availability of systems and services affected by cybersecurity incidents
RC.RP-01
The recovery portion of the incident response plan is executed once initiated from the incident response process
RC.RP-02
Recovery actions are selected, scoped, prioritized, and performed
RC.RP-03
The integrity of backups and other restoration assets is verified before using them for restoration
RC.RP-04
Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms
RC.RP-05
The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed
RC.RP-06
The end of incident recovery is declared based on criteria, and incident-related documentation is completed