Incident Recovery Plan Execution (RC.RP)

Restoration activities are performed to ensure operational availability of systems and services affected by cybersecurity incidents

Subcategories

The recovery portion of the incident response plan is executed once initiated from the incident response process

Recovery actions are selected, scoped, prioritized, and performed

The integrity of backups and other restoration assets is verified before using them for restoration

Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms

The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed

The end of incident recovery is declared based on criteria, and incident-related documentation is completed

Frameworks and Controls

NIST Cybersecurity Framework V2.0