LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is the purpose of the Respond function in the NIST CSF, and what are typical outcomes?

Respond covers the actions taken regarding a detected cybersecurity incident to minimize its impact.

Example outcomes:

  • Response Planning (RS.RP) — response plans are executed during and after an incident (not just written and shelved)
  • Communications (RS.CO) — managing internal and external communication during/after an event: who informs management, customers, regulators, law enforcement?
  • Analysis (RS.AN) — investigating to understand scope and root cause, and analyzing the effectiveness of response activities

Plus Mitigation (RS.MI) — containing and eradicating the incident — and Improvements (RS.IM) — feeding lessons learned back into plans.

Tip: Communication is the most underestimated category here. Technical containment often succeeds while the company still suffers massive damage from chaotic crisis communication — late breach notifications can themselves break laws (e.g. GDPR's 72-hour rule).

Go deeper:

From Quiz: ISM / Frameworks — NIST CSF & IKT Minimalstandard | Updated: Jul 05, 2026