Cyber Security - Respond Flashcards
RS.RP-1
Response plan is executed during or after an event
RS.CO-1
Personnel know their roles and order of operations when a response is needed
RS.CO-2
Events are reported consistent with established criteria
RS.CO-3
Information is shared consistent with response plans
RS.CO-4
Coordination with stakeholders occurs consistent with response plans
RS.CO-5
Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness
RS.AN-1
Notifications from detection systems are investigated
RS.AN-2
The impact of the incident is understood
RS.AN-3
Forensics are performed
RS.AN-4
Incidents are categorized consistent with response plans
RS.MI-1
Incidents are contained
RS.MI-2
Incidents are mitigated
RS.MI-3
Newly identified vulnerabilities are mitigated or documented as accepted risks
RS.IM-1
Response plans incorporate lessons learned
RS.IM-2
Response strategies are updated