NIST Cybersecurity Framework Respond Function

NIST describes the NIST Cybersecurity Framework (NIST CSF) Respond function as follows:

  • Respond

The Respond Function includes appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident.

Examples of outcome Categories within this Function include:

  • Ensuring Response Planning process are executed during and after an incident

  • Managing Communications during and after an event with stakeholders, law enforcement, external stakeholders as appropriate

  • Analysis is conducted to ensure effective response and support recovery activities including forensic analysis, and determining the impact of incidents

  • Mitigation activities are performed to prevent expansion of an event and to resolve the incident

  • The organization implements Improvements by incorporating lessons learned from current and previous detection / response activities


NIST - National Institute of Standards and Technology. The Five Functions. By NIST. Available at: Accessed: 11/1/2021.