Cyber Posture

NIST CSF 2.0 · All Functions · RC Recover

RC.RP — Incident Recovery Plan Execution

Restoration activities are performed to ensure operational availability of systems and services affected by cybersecurity incidents

RC.RP-01

The recovery portion of the incident response plan is executed once initiated from the incident response process

2 implementation example(s) · 3 mapped NIST 800-53 control(s)

RC.RP-02

Recovery actions are selected, scoped, prioritized, and performed

2 implementation example(s) · 3 mapped NIST 800-53 control(s)

RC.RP-03

The integrity of backups and other restoration assets is verified before using them for restoration

1 implementation example(s) · 3 mapped NIST 800-53 control(s)

RC.RP-04

Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms

3 implementation example(s) · 5 mapped NIST 800-53 control(s)

RC.RP-05

The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed

2 implementation example(s) · 1 mapped NIST 800-53 control(s)

RC.RP-06

The end of incident recovery is declared based on criteria, and incident-related documentation is completed

2 implementation example(s) · 2 mapped NIST 800-53 control(s)

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).