RS.MI-01 - Containing Cybersecurity Incidents
RS.MI-01 focuses on containing incidents to prevent their expansion, using automated tools like antivirus or manual actions by responders to isolate threats. This can involve third-party assistance (e.g., ISPs) or redirecting compromised endpoints to remediation VLANs, limiting damage. It stops incidents from spreading further.
This subcategory aligns containment with risk priorities, ensuring rapid action protects critical assets and minimizes disruption. It supports a proactive stance by leveraging both technology and human intervention as needed. RS.MI-01 is the first line of defense in incident mitigation.
