RS.CO-02
Internal and external stakeholders are notified of incidents
Implementation examples
- Ex1: Follow the organization's breach notification procedures after discovering a data breach incident, including notifying affected customers
- Ex2: Notify business partners and customers of incidents in accordance with contractual requirements
- Ex3: Notify law enforcement agencies and regulatory bodies of incidents based on criteria in the incident response plan and management approval
Mapped NIST 800-53 r5 controls (5)
All informative references (45)
- AI-SOC: AI-SOC-30
- AI-SOC: AI-SOC-12
- CCMv4.0: DSP-18
- CCMv4.0: SEF-02
- CCMv4.0: SEF-07
- CCMv4.0: SEF-08
- CIS Controls v8.0: 17.2
- CIS Controls v8.1: 17.2
- CRI Profile v2.0: RS.CO-02
- CRI Profile v2.0: RS.CO-02.01
- CRI Profile v2.0: RS.CO-02.02
- CRI Profile v2.0: RS.CO-02.03
- CSF v1.1: RS.CO-2
- CSF v1.1: RS.CO-3
- Guardian-SDK: GS-CF-02
- ISO/IEC 27001:2022: Mandatory Clause: 7.4
- ISO/IEC 27001:2022: Annex A Controls: 5.26
- NICE Framework: OG-WRL-006
- NICE Framework: OG-WRL-007
- NICE Framework: OG-WRL-008
- NICE Framework: OG-WRL-010
- NICE Framework: OG-WRL-015
- NICE Framework: PD-WRL-003
- OWASP Top 10 LLM Applications: LLM02-2025
- PCI DSS: 12.10.1
- PCI DSS: 12.10.3
- PCI DSS: 12.8.2
- PCI DSS: 12.8.5
- SCF: IRO-02
- SCF: IRO-10
- SCF: IRO-10.4
- SDOS: SDOS-AU-03
- SP 800-171 Rev 3: 03.06.01
- SP 800-171 Rev 3: 03.06.02
- SP 800-171 Rev 3: 03.17.03
- SP 800-53 Rev 5.1.1: IR-04
- SP 800-53 Rev 5.1.1: IR-06
- SP 800-53 Rev 5.1.1: IR-07
- SP 800-53 Rev 5.1.1: SR-03
- SP 800-53 Rev 5.1.1: SR-08
- SP 800-53 Rev 5.2.0: IR-04
- SP 800-53 Rev 5.2.0: IR-06
- SP 800-53 Rev 5.2.0: IR-07
- SP 800-53 Rev 5.2.0: SR-03
- SP 800-53 Rev 5.2.0: SR-08
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms.