RS.MI-02 - Eradicating Incident Threats
RS.MI-02 ensures incidents are fully eradicated, removing threats like malware or unauthorized access through automated system features or manual responder actions. This can involve third-party support, such as MSSPs, to eliminate root causes and residual risks. It restores systems to a secure state.
This subcategory aligns eradication with risk goals, ensuring complete threat removal to prevent recurrence, balancing speed with thoroughness. It supports recovery by clearing the path for safe restoration. RS.MI-02 finalizes the mitigation process with decisive action.
