NIST CSF 2.0 · All Functions · RS Respond

RS.AN — Incident Analysis

Investigations are conducted to ensure effective response and support forensics and recovery activities

RS.AN-03

Analysis is performed to establish what has taken place during an incident and the root cause of the incident

4 implementation example(s) · 3 mapped NIST 800-53 control(s)

RS.AN-06

Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved

2 implementation example(s) · 3 mapped NIST 800-53 control(s)

RS.AN-07

Incident data and metadata are collected, and their integrity and provenance are preserved

1 implementation example(s) · 3 mapped NIST 800-53 control(s)

RS.AN-08

An incident's magnitude is estimated and validated

2 implementation example(s) · 4 mapped NIST 800-53 control(s)

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).