The National Institute of Standards and Technology (NIST) is seeking industry comment on incident response recommendations that make up part of the agency’s latest draft of its NIST Cybersecurity Framework (CSF) 2.0.
The public draft – titled Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile, was published by NIST on April 3. The agency is seeking public comments on the draft through May 20.
“This publication seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities, as described by CSF 2.0.,” stated NIST.
“Doing so can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency and effectiveness of their incident detection, response, and recovery activities,” the agency said.
The publication aims to improve organizations’ cybersecurity capabilities by providing a series of common taxonomies that can be utilized both within and outside organizations to communicate about cybersecurity issues and incidents.
The documents also outline a series of cybersecurity situations that organizations might face and categorize them based on the level of severity they have on their cybersecurity infrastructure, while providing recommendations to deal with them.
“While it is impossible to have detailed procedures for every possible situation, organizations should consider documenting procedures for responding to the most common types of incidents and threats,” said NIST.
“Organizations should also develop and maintain procedures for particularly important processes that may be urgently needed during emergency situations, like redeploying the organization’s primary authentication platform,” the agency said.
