NIST CSF 2.0 · All Functions · RC Recover · RC.CO Incident Recovery Communication

RC.CO-03

Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders

Implementation examples

Ex1: Securely share recovery information, including restoration progress, consistent with response plans and information sharing agreements
Ex2: Regularly update senior leadership on recovery status and restoration progress for major incidents
Ex3: Follow the rules and protocols defined in contracts for incident information sharing between the organization and its suppliers
Ex4: Coordinate crisis communication between the organization and its critical suppliers

Mapped NIST 800-53 r5 controls (3)

IR-04 IR-06 SR-08

All informative references (29)

CRI Profile v2.0: RC.CO-03
CRI Profile v2.0: RC.CO-03.01
CRI Profile v2.0: RC.CO-03.02
CSF v1.1: RC.CO-3
ISO/IEC 27001:2022: Mandatory Clause: 7.4
ISO/IEC 27001:2022: Annex A Controls: 5.28
NICE Framework: IO-WRL-005
NICE Framework: OG-WRL-006
NICE Framework: OG-WRL-007
NICE Framework: OG-WRL-008
NICE Framework: OG-WRL-010
NICE Framework: OG-WRL-011
NICE Framework: OG-WRL-015
NICE Framework: PD-WRL-003
PCI DSS: 12.10.1
PCI DSS: 12.10.3
PCI DSS: 12.8.2
PCI DSS: 12.8.4
SDOS: SDOS-AU-01
SDOS: SDOS-AU-03
SP 800-171 Rev 3: 03.06.01
SP 800-171 Rev 3: 03.06.02
SP 800-221A: GV.CO-1
SP 800-53 Rev 5.1.1: IR-04
SP 800-53 Rev 5.1.1: IR-06
SP 800-53 Rev 5.1.1: SR-08
SP 800-53 Rev 5.2.0: IR-04
SP 800-53 Rev 5.2.0: IR-06
SP 800-53 Rev 5.2.0: SR-08

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).