The goal of the Recover function is to develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.
Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors).
Recovery planning and processes are improved by incorporating lessons learned into future activities.
Recovery processes and procedures are executed and maintained to ensure restoration of systems or assets affected by cybersecurity incidents.