NIST CSF 2.0 Category

RS.IM Incident Response Improvements

RS Respond | Translate incident lessons into stronger controls and faster response.

Implementation Objective

Institutionalize continuous response improvement by closing corrective actions and preventing repeat incident patterns.

Implementation Actions

Run after-action review cadence.
Update runbooks and detections.
Track corrective actions to completion.

Evidence Examples

After-action reports
Runbook updates
Corrective action log

Suggested Metrics

Corrective action closure
Repeat incident frequency

Framework Crosswalk

Direct mappings for this CSF category into NIST SP 800-171 family sections and CIS Controls v8 implementation domains.

NIST SP 800-171 Families

CIS Controls v8

Navigation

Back to NIST CSF 2.0 Categories CIS Controls v8 Guidance FedRAMP Guidance Cybersecurity Glossary