RC.CO-04: Public updates on incident recovery are shared using approved methods and messaging

Info icon.

Subcategory is new to this version of the framework and incorporates the following items from the previous version: RS.CO-2: Incidents are reported consistent with established criteria, RC.CO-1: Public relations are managed.


[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Follow the organization's breach notification procedures for recovering from a data breach incident

Ex2: Explain the steps being taken to recover from the incident and to prevent a recurrence