NIST Cybersecurity Framework Recover Function

NIST describes the NIST Cybersecurity Framework (NIST CSF) Recover function as follows:

  • Recover

The Recover Function identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident.

Examples of outcome Categories within this Function include:

  • Ensuring the organization implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents

  • Implementing Improvements based on lessons learned and reviews of existing strategies

  • Internal and external Communications are coordinated during and following the recovery from a cybersecurity incident


NIST - National Institute of Standards and Technology. The Five Functions. By NIST. Available at: Accessed: 11/1/2021.