| Code Value |
Definition |
| Lesson Learned Defense | An improvement that can be made to lower the mean time to defense |
| Lesson Learned Defensive Measures | A defensive measure that can be implemented to prevent similar incidents |
| Lesson Learned Discovery Method | An improvement that can be made to lower the mean time to detection |
| Lesson Learned Effective Analysis Improvement | An improvement that can be made to lower the mean time to effective analysis |
| Lesson Learned Future Watch Indicator | A precursor or indicator that should be watched for in the future to detect similar incidents |
| Lesson Learned Information Handling | An improvement that can be made to the incident handling process |
| Lesson Learned Information Needs | Information that could help with an incident, if provided in a timely manner |
| Lesson Learned Information Sharing | An improvement that can be made to the information sharing process |
| Lesson Learned Information Source | A source of information that could help with an incident |
| Lesson Learned Reporting | An improvement that can be made to lower the mean time to reporting |
| Lesson Learned Resource Need | An additional tool or resource that are needed to detect, analyze, and mitigate future incidents |
| Lesson Learned Response | An improvement that can be made to lower the mean time to response |