RS — Respond
Actions regarding a detected cybersecurity incident are taken
RS.AN Incident Analysis
Investigations are conducted to ensure effective response and support forensics and recovery activities
RS.CO Incident Response Reporting and Communication
Response activities are coordinated with internal and external stakeholders as required by laws, regulations, or policies
RS.MA Incident Management
Responses to detected cybersecurity incidents are managed
RS.MI Incident Mitigation
Activities are performed to prevent expansion of an event and mitigate its effects
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).