RC.RP-06
The end of incident recovery is declared based on criteria, and incident-related documentation is completed
Implementation examples
- Ex1: Prepare an after-action report that documents the incident itself, the response and recovery actions taken, and lessons learned
- Ex2: Declare the end of incident recovery once the criteria are met
Mapped NIST 800-53 r5 controls (2)
All informative references (26)
- CRI Profile v2.0: RC.RP-06
- CRI Profile v2.0: RC.RP-06.01
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 5.27
- ISO/IEC 27001:2022: Annex A Controls: 8.13
- NICE Framework: DD-WRL-002
- NICE Framework: IO-WRL-005
- NICE Framework: OG-WRL-007
- NICE Framework: OG-WRL-010
- NICE Framework: OG-WRL-014
- NICE Framework: OG-WRL-015
- NICE Framework: PD-WRL-003
- PCI DSS: 12.10.6
- PCI DSS: 12.10.2
- PCI DSS: 10.5.1
- SCF: IRO-02
- SCF: IRO-09
- SDOS: SDOS-AU-01
- SDOS: SDOS-IN-01
- SDOS: SDOS-IN-03
- SP 800-171 Rev 3: 03.06.01
- SP 800-171 Rev 3: 03.06.05
- SP 800-53 Rev 5.1.1: IR-04
- SP 800-53 Rev 5.1.1: IR-08
- SP 800-53 Rev 5.2.0: IR-04
- SP 800-53 Rev 5.2.0: IR-08
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).