- ID:
This column contains the ID of the category being described and its connection with that particular function. e.g. Function: 'RC' points to the category "RP (Incident Recovery Plan Execution)", leading to the ID of that category being "RC.RP".
- CATEGORY:
This column describes the key focus of the organization in that particular category. e.g. For the category 'RC.RP', "Incident Recovery Plan Execution" is the key area of focus.
- METHODOLOGY:
Describes the methods and considerations by which the organization should carry out its risk assessment pertinent to the category being considered. e.g. RC.RP describes the timely restoration of services.
- SUB CATEGORY ID:
Lists the various sub-categories related to that specific category. e.g. RC.RP (category) --> RC.RP-1, RC.RP-2, RC.RP-3, RC.RP-4, RC.RP-5, RC.RP-6 (sub-categories).
- SUB CATEGORY DESCRIPTION:
This column describes each sub-category 'ID', e.g. RC.RP-1 has its own description, which is different from that of RC.RP-2.
- SUB CATEGORY MODIFICATIONS:
This column lists the sub-categories that were "WITHDRAWN", the sub-categories that were "NEWLY ADDED OR INTRODUCED", and where each withdrawn sub-category was "MOVED TO".
The RECOVER function focuses on the need to put in place and execute essential activities that maintain resilience and restore business operations affected by a cybersecurity incident.
Listed below are the various sub-categories of the "Identify Function" for planning your organization's risk assessment for its critical infrastructures.
RC.IM-->ID.IM.
RC.IM: RC.IM-1, RC.IM-2.
RC.IM:
(RC.IM-1)-->(ID.IM-3 & ID.IM-4),(RC.IM-2)-->(ID.IM-3).
| ID | CATEGORY | METHODOLOGY | SUB CATEGORY ID | SUB CATEGORY DESCRIPTION | SUB CATEGORY MODIFICATIONS |
| --- | --- | --- | --- | --- | --- |
| RC.RP | Incident Recovery Plan Execution. | Service Restoration: Activities to restore service are carried out and maintained to ensure a timely restoration of the organization's systems, network, and assets which are impacted by cybersecurity events (cyber breach or attack). | RC.RP-1, RC.RP-2, RC.RP-3, RC.RP-4, RC.RP-5, RC.RP-6. | RC.RP-1: The recovery aspect of the incident response plan is executed once initiated from the incident response process. RC.RP-2: Recovery actions are selected, scoped, prioritized, and performed. RC.RP-3: All backups and other restoration assets are to be verified before using them to conduct restoration. RC.RP-4: All critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms. RC.RP-5: The integrity of all assets that are restored is to be verified, systems and services are to be restored, and normal operational status is to be confirmed. RC.RP-6: The completion of the incident recovery is declared based on criteria, and incident-related documentation is completed. | WITHDRAWN (N/A). NEWLY ADDED RC.RP-2, RC.RP-3, RC.RP-4, RC.RP-5, RC.RP-6. MOVED TO (N/A). |
| RC.CO | Incident Recovery Communication. | Coordinating Restoration: Internal and external parties are involved in coordinating the restoration activities. | RC.CO-3, RC.CO-4. | RC.CO-3: Recovery events and the process involved in the restoration of operational capabilities are communicated to the appropriate internal and external parties (stakeholders). RC.CO-4: Updates on incident recovery are publicly shared using approved methods and messaging. | WITHDRAWN RC.CO-1, RC.CO-2. NEWLY ADDED RC.CO-4. MOVED TO RC.CO-4. |