RS.MI-01:

Implementation Examples

Ex1:

Cybersecurity technologies (e.g., antivirus software) and cybersecurity features of other technologies (e.g., operating systems, network infrastructure devices) automatically perform containment actions

Ex2:

Allow incident responders to manually select and perform containment actions

Ex3:

Allow a third party (e.g., internet service provider, managed security service provider) to perform containment actions on behalf of the organization

Ex4:

Automatically transfer compromised endpoints to a remediation virtual local area network (VLAN)