Comms & Restore
Communicate recovery status and restore services.
8 of 9 frameworks cover this control
Framework Mappings
How Comms & Restore maps to each of the 6 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | RC.CO-03 RC.CO-04 |
| ISO 27001 | Covered | A.5.5 A.5.30 |
| CIS v8 | Not Covered | — |
| SOC 2 | Covered | CC2.3 A1.2 |
| PCI DSS | Covered | 12.10.6 |
| CMMC | Covered | IR.L2-3.6.2 |
| 800-53 | Covered | CP-2 IR-4 |
| HIPAA | Covered | §164.308(a)(7)(ii)(C) |
| GDPR | Covered | Art.34(1) Art.32(1)(c) |
About Comms & Restore
Comms & Restore is a cybersecurity control in the Recover domain. Communicate recovery status and restore services. Recovery communication keeps stakeholders informed about service restoration progress, expected timelines, and any residual risks following a cybersecurity incident or disaster. This includes providing regular status updates to executive leadership, customers, and partners through pre-established communication channels, as well as coordinating with IT teams on service restoration sequencing based on business priority. Transparent and timely communication during recovery maintains stakeholder trust and helps manage expectations, while post-restoration verification ensures that all systems are functioning correctly before declaring full operational recovery.
This control is recognized by 8 of the 6 major frameworks: NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It is not covered by CIS v8, representing a potential gap for organizations relying solely on that framework.