The Respond function of the NIST Cybersecurity Framework (CSF) focuses on activities to contain, mitigate, and eradicate incidents once detected.
Performing forensic analysis and eradicating malware (B) falls clearly within the Respond function.
(A) Discovering malicious activity is part of the Detect function.
(C) Restoring from backup is part of the Recover function.
(D) Limiting user access is a Preventive control under the Protect function.
GICSP training maps ICS security activities to the NIST CSF to guide structured incident response.
[Reference:, , GICSP Official Study Guide, Domain: ICS Security Operations & Incident Response, , NIST CSF Framework (Respond Function), , GICSP Training on Incident Handling and Response]
Submit