RS.MI-01: Incidents are contained

Previous Version:

Description

[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

3rd: 3rd Party Risk

Ex1: Cybersecurity technologies (e.g., antivirus software) and cybersecurity features of other technologies (e.g., operating systems, network infrastructure devices) automatically perform containment actions

Ex2: Allow incident responders to manually select and perform containment actions

Ex3: Allow a third party (e.g., internet service provider, managed security service provider) to perform containment actions on behalf of the organization

Ex4: Automatically transfer compromised endpoints to a remediation virtual local area network (VLAN)