Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services
- Access Control
- Awareness and Training
- Data Security
- Information Protection Processes and
Procedures
- Maintenance
- Protective Technology
Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities
- Asset Management
- Business Environment
- Governance
- Risk Assessment
- Risk Management Strategy
Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event
- Anomalies and Events
- Security Continuous Monitoring
- Detection Processes
Develop and implement the appropriate activities to take action regarding a detected cybersecurity event
- Response Planning
- Communications
- Analysis
- Mitigation
- Improvements
Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event
- Recovery Planning
- Improvements
- Communications