Does your organization implement automated eradication capabilities within cybersecurity technologies and security features of other technologies?
Explanation
Automated eradication capabilities allow systems to automatically remove or neutralize identified threats without requiring manual intervention. Examples include anti-malware solutions that automatically quarantine or delete malicious files, intrusion prevention systems that block malicious traffic, and operating systems that automatically remove unauthorized applications or revert to secure configurations.
Evidence could include documentation of security tool configurations showing automated remediation settings, logs demonstrating automated eradication actions, or security architecture diagrams highlighting where automated controls are implemented across the technology stack.
Implementation Example
Cybersecurity technologies and cybersecurity features of other technologies (e.g., operating systems, network infrastructure devices) automatically perform eradication actions.
ID: RS.MI-02.343
Context
- Function: RS: RESPOND
- Category: RS.MI: Incident Mitigation
- Sub-Category: Incidents are eradicated
Related questions
- Do your cybersecurity technologies and security features in other systems automatically perform containment actions when threats are detected?
- Does your incident response process allow responders to manually select and execute containment actions during security incidents?
- Does your organization have formal agreements with third parties (e.g., ISPs, MSSPs) authorizing them to perform containment actions during security incidents?
- Does your organization automatically transfer compromised endpoints to a remediation VLAN for isolation and remediation?
- Does your incident response system allow authorized responders to manually select and execute eradication actions during security incidents?
- Does your organization have formal agreements in place with third-party security providers to perform incident eradication actions on your behalf?