Skip to content
Home / Function (NIST CSF 2.0) / RC - Recover / RP - Incident Recovery

ANSSI Cyber attacks and remediation : The keys to decision-making

The ANSSI publication “Cyber attacks and remediation: The keys to decision-making” provides a comprehensive conceptual framework for managing remediation operations after a major cyber incident compromising an information system. It defines remediation as the process of regaining control of a compromised system and restoring it to an operational state essential for organizational survival. The framework is structured around three main phases—Containment, Eviction, and Eradication—collectively known as CEER, supported by parallel reconstruction activities to rebuild compromised infrastructure. The document emphasizes the importance of aligning remediation efforts with strategic objectives set by senior management, breaking these down into operational goals, mobilizing resources, and coordinating sub-projects. It also outlines three standard remediation scenarios reflecting different priorities: rapid restoration of critical services, controlled recovery of the system, and leveraging remediation to enhance long-term security and resilience. The guide stresses that remediation is part of a broader incident response process, supplementing crisis management and investigation, and highlights the necessity of continuous communication with decision-makers throughout the remediation project.


Publication's URL

https://cyber.gouv.fr/en/publications/cyber-attacks-and-remediation-keys-decision-making

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *