RC — Recover
8 outcomes in the Recover function
RC.RP-01The recovery portion of the incident response plan is executed once initiated from the incident response process
RC.RP-02Recovery actions are selected, scoped, prioritized, and performed
RC.RP-03The integrity of backups and other restoration assets is verified before using them for restoration
RC.RP-04Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms
RC.RP-05The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed
RC.RP-06The end of incident recovery is declared based on criteria, and incident-related documentation is completed
RC.CO-03Recovery activities and progress in restoring operational capabilities are communicated to designated internal and external stakeholders
RC.CO-04Public updates on incident recovery are shared using approved methods and messaging