NIST Cybersecurity Framework v1.1

The Framework describes a set of security outcomes to achieve and breaks those into three levels of increasing detail: Functions, Categories, and Subcategories. Further each Subcategory contains Informative References. Informative References are materials from other publications that can provide the implementation guidance to achieve those outcomes.

Informative References

Informative references are a cross-reference to a control set that can be used to implement a security outcome described by the framework element.

    FunctionCategorySubcategory
    Respond
    (RS)
    		RS.MI: MitigationRS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks
    RS.RP: Response PlanningRS.RP-1: Response plan is executed during or after an incident
    Recover
    (RC)
    		RC.CO: CommunicationsRC.CO-1: Public relations are managed
    RC.CO-2: Reputation is repaired after an incident
    RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
    RC.IM: ImprovementsRC.IM-1: Recovery plans incorporate lessons learned
    RC.IM-2: Recovery strategies are updated
    RC.RP: Recovery PlanningRC.RP-1: Recovery plan is executed during or after a cybersecurity incident