Develop an organizational understanding to manage cyber security risk.
Develop and implement safeguards to ensure delivery of critical services and capabilities.
Develop and implement activities to identify the occurrence of a cybersecurity event.
Develop and implement activities to take action regarding a detected cybersecurity incident.
Maintain plans for resilience and to restore any capabilities affected by a cyber security incident.