CAF Outcome D2.b: Using Incidents to Drive Improvements
From the UK NCSC's Cyber Assessment Framework (version 3.1):
Your organisation uses lessons learned from incidents to improve your security measures.
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
NCSC CAF Mapped to NIST CSF
D2.b: Using Incidents to Drive Improvements to CSF mappings generated from UK Cabinet Office table.
| Control ID | Description |
|---|---|
| RS.AN-2 | The impact of the incident is understood |
| DE.DP-5 | Detection processes are continuously improved |
| RC.IM-2 | Recovery strategies are updated |
| PR.IP-8 | Effectiveness of protection technologies is shared |
| RS.IM-2 | Response strategies are updated |
| PR.IP-7 | Protection processes are improved |
| RC.IM-1 | Recovery plans incorporate lessons learned |
| RS.IM-1 | Response plans incorporate lessons learned |
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.
-
Document the details of incidents (4.3.4.5.8)
ISA/IEC 62443-2-1:2009 -
Address and correct issues discovered (4.3.4.5.10)
ISA/IEC 62443-2-1:2009
Related ISO 27001 Controls
Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.
-
Learning from information security incidents (16.1.6)
ISO 27001:2013
Related SP800-53 Controls
Generated from NISTs SP800-53/CSF Crosswalk mappings.