NIST CSF 2.0 · All Functions · RC Recover · RC.RP Incident Recovery Plan Execution

RC.RP-04

Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms

Implementation examples

Ex1: Use business impact and system categorization records (including service delivery objectives) to validate that essential services are restored in the appropriate order
Ex2: Work with system owners to confirm the successful restoration of systems and the return to normal operations
Ex3: Monitor the performance of restored systems to verify the adequacy of the restoration

Mapped NIST 800-53 r5 controls (5)

IR-01 IR-08 PM-08 PM-09 PM-11

All informative references (34)

AI-SOC: AI-SOC-25
AI-SOC: AI-SOC-24
CRI Profile v2.0: RC.RP-04
CRI Profile v2.0: RC.RP-04.01
ISO/IEC 27001:2022: Mandatory Clause: 8.1
ISO/IEC 27001:2022: Annex A Controls: None
NICE Framework: DD-WRL-002
NICE Framework: IO-WRL-005
NICE Framework: OG-WRL-011
NICE Framework: OG-WRL-014
NICE Framework: OG-WRL-015
NICE Framework: PD-WRL-003
OWASP Top 10 LLM Applications: LLM09-2025
PCI DSS: 12.10.1
PCI DSS: 12.5.1
PCI DSS: 1.2.3
PCI DSS: 1.2.4
PCI DSS: 10.2.1
SCF: BCD-01
SCF: BCD-01.4
SCF: BCD-02
SCF: BCD-02.1
SP 800-171 Rev 3: 03.06.05
SP 800-171 Rev 3: 03.15.01
SP 800-53 Rev 5.1.1: PM-08
SP 800-53 Rev 5.1.1: PM-09
SP 800-53 Rev 5.1.1: PM-11
SP 800-53 Rev 5.1.1: IR-01
SP 800-53 Rev 5.1.1: IR-08
SP 800-53 Rev 5.2.0: PM-08
SP 800-53 Rev 5.2.0: PM-09
SP 800-53 Rev 5.2.0: PM-11
SP 800-53 Rev 5.2.0: IR-01
SP 800-53 Rev 5.2.0: IR-08

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).