A
recovery control restores systems and operations to normal after a security incident — backups, DRP, hot/warm/cold sites, system reimaging, clean restore procedures.
Recovery controls are reactive — they restore after damage. Preventive controls stop damage. Detective controls identify damage. All three are needed. RTO and RPO define the requirements for recovery controls.