πΌ RS.MI-01: Incidents are contained
- Contextual name: πΌ RS.MI-01: Incidents are contained
- ID:
/frameworks/nist-csf-v2.0/rs-mi/01 - Located in: πΌ Incident Mitigation (RS.MI)
Descriptionβ
- Cybersecurity technologies (e.g., antivirus software) and cybersecurity features of other technologies (e.g., operating systems, network infrastructure devices) automatically perform containment actions
- Allow incident responders to manually select and perform containment actions
- Allow a third party (e.g., internet service provider, managed security service provider) to perform containment actions on behalf of the organization
- Automatically transfer compromised endpoints to a remediation virtual local area network (VLAN)
Similarβ
- Sections
/frameworks/nist-csf-v1.1/rs-mi/01/frameworks/nist-sp-800-53-r5/ir/04
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ RS.MI-1: Incidents are contained | 7 | 7 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ IR-4 Incident Handling | 15 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (7)β
| Policy | Logic Count | Flags |
|---|---|---|
| π Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For App Services is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Containers is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Key Vault is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Servers is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Storage is not set to On π’ | 1 | π’ x6 |