NIST CSF 2.0 Category

RS.AN Incident Analysis

RS Respond | Determine incident root cause, scope, and affected assets.

Implementation Objective

Produce defensible incident analysis that identifies cause, blast radius, and required corrective actions.

Implementation Actions

Build timeline and scope assessment.
Correlate host/network/identity evidence.
Document root cause and corrective actions.

Evidence Examples

Investigation reports
Forensic artifacts
Root cause records

Suggested Metrics

Investigation completion time
Incidents with validated root cause

Framework Crosswalk

Direct mappings for this CSF category into NIST SP 800-171 family sections and CIS Controls v8 implementation domains.

NIST SP 800-171 Families

CIS Controls v8

Navigation

Back to NIST CSF 2.0 Categories CIS Controls v8 Guidance FedRAMP Guidance Cybersecurity Glossary