The organization identifies [organization-defined classes of incidents] and [organization-defined actions to take in response to classes of incidents] to ensure continuation of organizational missions and business functions.
Supplemental
Classes of incidents include, for example, malfunctions due to design/implementation errors and omissions, targeted malicious attacks, and untargeted malicious attacks. Appropriate incident response actions include, for example, graceful degradation, information system shutdown, fall back to manual mode/alternative technology whereby the system operates differently, employing deceptive measures, alternate information flows, or operating in a mode that is reserved solely for when systems are under attack.