NIST CSF 2.0 · All Functions · RS Respond · RS.MI Incident Mitigation

RS.MI-01

Implementation examples

• Ex1: Cybersecurity technologies (e.g., antivirus software) and cybersecurity features of other technologies (e.g., operating systems, network infrastructure devices) automatically perform containment actions
• Ex2: Allow incident responders to manually select and perform containment actions
• Ex3: Allow a third party (e.g., internet service provider, managed security service provider) to perform containment actions on behalf of the organization
• Ex4: Automatically transfer compromised endpoints to a remediation virtual local area network (VLAN)

Mapped NIST 800-53 r5 controls (1)

Mapped CWE weaknesses (1)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

All informative references (41)

• AI-SOC: AI-SOC-07
• AI-SOC: AI-SOC-24
• BXAIOS: Chapter 7 - Deploy the Governor
• CCMv4.0: CEK-19
• CCMv4.0: CEK-20
• CCMv4.0: IVS-09
• CCMv4.0: SEF-02
• CCMv4.0: UEM-09
• CRI Profile v2.0: RS.MI-01
• CRI Profile v2.0: RS.MI-01.01
• CSF v1.1: RS.MI-1
• Guardian-SDK: GS-PF-01
• Guardian-SDK: GS-PO-01
• Guardian-SDK: GS-AG-01
• IRP: IRP-Sec-5
• IRP: IRP-Sec-5
• IRP: IRP-Sec-5
• ISO/IEC 27001:2022: Mandatory Clause: None
• ISO/IEC 27001:2022: Annex A Controls: 5.26
• NICE Framework: DD-WRL-001
• NICE Framework: IO-WRL-005
• NICE Framework: IO-WRL-007
• NICE Framework: OG-WRL-014
• NICE Framework: PD-WRL-003
• NICE Framework: PD-WRL-004
• OWASP Top 10 LLM Applications: LLM01-2025
• OWASP Top 10 LLM Applications: LLM04-2025
• OWASP Top 10 LLM Applications: LLM06-2025
• OWASP Top 10 LLM Applications: LLM10-2025
• PCI DSS: 12.10.1
• PCI DSS: 5.2.1
• PCI DSS: 5.2.2
• PCI DSS: 5.3.2
• SCF: IRO-02
• SDOS: SDOS-EN-01
• SDOS: SDOS-EN-03
• SDOS: SDOS-IN-02
• SP 800-171 Rev 3: 03.06.01
• SP 800-53 Rev 5.1.1: IR-04
• SP 800-53 Rev 5.2.0: IR-04
• SP 800-81r3: 3.6.3

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).