NIST CSF 2.0 · All Functions · RS Respond · RS.CO Incident Response Reporting and Communication

RS.CO-03

Implementation examples

• Ex1: Securely share information consistent with response plans and information sharing agreements
• Ex2: Voluntarily share information about an attacker's observed TTPs, with all sensitive data removed, with an Information Sharing and Analysis Center (ISAC)
• Ex3: Notify HR when malicious insider activity occurs
• Ex4: Regularly update senior leadership on the status of major incidents
• Ex5: Follow the rules and protocols defined in contracts for incident information sharing between the organization and its suppliers
• Ex6: Coordinate crisis communication methods between the organization and its critical suppliers

Mapped NIST 800-53 r5 controls (5)

All informative references (46)

• AI-SOC: AI-SOC-30
• AI-SOC: AI-SOC-12
• CCMv4.0: BCR-07
• CCMv4.0: DSP-18
• CCMv4.0: SEF-07
• CCMv4.0: SEF-08
• CIS Controls v8.0: 17.2
• CIS Controls v8.1: 17.2
• CRI Profile v2.0: RS.CO-03
• CRI Profile v2.0: RS.CO-03.01
• CRI Profile v2.0: RS.CO-03.02
• CSF v1.1: RS.CO-3
• CSF v1.1: RS.CO-5
• ISO/IEC 27001:2022: Mandatory Clause: 7.4
• ISO/IEC 27001:2022: Annex A Controls: 5.26
• NICE Framework: OG-WRL-006
• NICE Framework: OG-WRL-007
• NICE Framework: OG-WRL-008
• NICE Framework: OG-WRL-010
• NICE Framework: OG-WRL-015
• NICE Framework: PD-WRL-003
• OWASP Top 10 LLM Applications: LLM02-2025
• OWASP Top 10 LLM Applications: LLM03-2025
• PCI DSS: 12.10.1
• PCI DSS: 12.8.2
• PCI DSS: 12.8.4
• PCI DSS: 12.10.6
• SCF: IRO-02
• SCF: IRO-10
• SCF: IRO-10.4
• SDOS: SDOS-AU-03
• SP 800-171 Rev 3: 03.06.01
• SP 800-171 Rev 3: 03.06.02
• SP 800-171 Rev 3: 03.17.03
• SP 800-53 Rev 5.1.1: IR-04
• SP 800-53 Rev 5.1.1: IR-06
• SP 800-53 Rev 5.1.1: IR-07
• SP 800-53 Rev 5.1.1: SR-03
• SP 800-53 Rev 5.1.1: SR-08
• SP 800-53 Rev 5.2.0: IR-04
• SP 800-53 Rev 5.2.0: IR-06
• SP 800-53 Rev 5.2.0: IR-07
• SP 800-53 Rev 5.2.0: SR-03
• SP 800-53 Rev 5.2.0: SR-08
• SP 800-81r3: 2.3.3
• SP 800-81r3: 3.4.2

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).