NIST CSF: RS.AN-2 Subcategory

From NIST's Cyber Security Framework (version 1):

The impact of the incident is understood

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Learning from information security incidents (16.1.6)
    ISO 27001:2013
  • Assessment of and decision on information security events (16.1.4)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Identify failed and successful cyber security breaches (4.3.4.5.7)
    ISA/IEC 62443-2-1:2009
  • Identify and respond to incidents (4.3.4.5.6)
    ISA/IEC 62443-2-1:2009
  • Document the details of incidents (4.3.4.5.8)
    ISA/IEC 62443-2-1:2009

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

ATT&CK ID Title Associated Tactics
T1561 Disk Wipe Impact
T1561.001 Disk Content Wipe Impact
T1486 Data Encrypted for Impact Impact
T1490 Inhibit System Recovery Impact
T1491.001 Internal Defacement Impact
T1485 Data Destruction Impact
T1561.002 Disk Structure Wipe Impact
T1491.002 External Defacement Impact
T1491 Defacement Impact

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
D2.b Using Incidents to Drive Improvements Your organisation uses lessons learned from incidents to improve your security measures.
D2.a Incident Root Cause Analysis When an incident occurs, steps must be taken to understand its root causes and ensure appropriate remediating action is taken.