NIST CSF: RC.RP-1 Subcategory

From NIST's Cyber Security Framework (version 1):

Recovery plan is executed during or after a cybersecurity incident

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Response to information security incidents (16.1.5)
    ISO 27001:2013

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

ATT&CK ID Title Associated Tactics
T1561.001 Disk Content Wipe Impact
T1561.002 Disk Structure Wipe Impact
T1491 Defacement Impact
T1565.001 Stored Data Manipulation Impact
T1485 Data Destruction Impact
T1565 Data Manipulation Impact
T1561 Disk Wipe Impact
T1491.002 External Defacement Impact
T1491.001 Internal Defacement Impact
T1490 Inhibit System Recovery Impact
T1486 Data Encrypted for Impact Impact

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
D1.a Response Plan You have an up-to-date incident response plan that is grounded in a thorough risk assessment that takes account of your essential function and covers a range of incident scenarios.