NIST CSF 2.0 · All Functions · RS Respond

RS.MA — Incident Management

Responses to detected cybersecurity incidents are managed

RS.MA-01

The incident response plan is executed in coordination with relevant third parties once an incident is declared

4 implementation example(s) · 5 mapped NIST 800-53 control(s)

RS.MA-02

Incident reports are triaged and validated

2 implementation example(s) · 3 mapped NIST 800-53 control(s)

RS.MA-03

Incidents are categorized and prioritized

3 implementation example(s) · 3 mapped NIST 800-53 control(s)

RS.MA-04

Incidents are escalated or elevated as needed

2 implementation example(s) · 4 mapped NIST 800-53 control(s)

RS.MA-05

The criteria for initiating incident recovery are applied

2 implementation example(s) · 2 mapped NIST 800-53 control(s)

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).