NIST CSF: RS.IM-1 Subcategory
From NIST's Cyber Security Framework (version 1):
Response plans incorporate lessons learned
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Learning from information security incidents (16.1.6)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Address and correct issues discovered (4.3.4.5.10)
ISA/IEC 62443-2-1:2009 -
Identify and implement corrective and preventive actions (4.4.3.4)
ISA/IEC 62443-2-1:2009
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1561 | Disk Wipe | Impact |
| T1561.001 | Disk Content Wipe | Impact |
| T1486 | Data Encrypted for Impact | Impact |
| T1490 | Inhibit System Recovery | Impact |
| T1491.001 | Internal Defacement | Impact |
| T1485 | Data Destruction | Impact |
| T1561.002 | Disk Structure Wipe | Impact |
| T1491.002 | External Defacement | Impact |
| T1491 | Defacement | Impact |
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| D2.a | Incident Root Cause Analysis | When an incident occurs, steps must be taken to understand its root causes and ensure appropriate remediating action is taken. |
| D2.b | Using Incidents to Drive Improvements | Your organisation uses lessons learned from incidents to improve your security measures. |