Informative References

Informative references are a cross-reference to a control set that can be used to implement a security outcome described by the framework element.

    RS.MI: MitigationRS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks
    RS.RP: Response PlanningRS.RP-1: Response plan is executed during or after an incident
    RC.CO: CommunicationsRC.CO-1: Public relations are managed
    RC.CO-2: Reputation is repaired after an incident
    RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams
    RC.IM: ImprovementsRC.IM-1: Recovery plans incorporate lessons learned
    RC.IM-2: Recovery strategies are updated
    RC.RP: Recovery PlanningRC.RP-1: Recovery plan is executed during or after a cybersecurity incident