Summary: The National Institute of Standards and Technology (NIST) is seeking industry comment on incident response recommendations as part of its draft NIST Cybersecurity Framework (CSF) 2.0.
Threat Actor: N/A
Victim: N/A
Key Points:
- NIST has published a public draft titled “Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile” and is seeking public comments on the draft until May 20.
- The publication aims to assist organizations in incorporating incident response recommendations and considerations into their cybersecurity risk management activities, helping them prepare for incidents, reduce their impact, and improve their detection, response, and recovery activities.
- The draft provides common taxonomies to communicate about cybersecurity issues and incidents, outlines different cybersecurity situations organizations might face, categorizes them based on severity, and offers recommendations to deal with them.
- NIST advises organizations to document procedures for responding to common types of incidents and threats, as well as develop and maintain procedures for important processes that may be urgently needed during emergency situations.
The National Institute of Standards and Technology (NIST) is seeking industry comment on incident response recommendations that make up part of the agency’s latest draft of its NIST Cybersecurity Framework (CSF) 2.0.
The public draft, titled Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile, was published by NIST on April 3. The agency is seeking public comments on the draft through May 20.
“This publication seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities, as described by CSF 2.0,” stated NIST.
“Doing so can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency and effectiveness of their incident detection, response, and recovery activities,” the agency said.
The publication aims to improve organizations’ cybersecurity capabilities by providing a series of common taxonomies that can be utilized both within and outside organizations to communicate about cybersecurity issues and incidents.
The document also outlines a series of cybersecurity situations that organizations might face and categorizes them by how severely they affect the organization's cybersecurity infrastructure, while providing recommendations for dealing with them.
“While it is impossible to have detailed procedures for every possible situation, organizations should consider documenting procedures for responding to the most common types of incidents and threats,” said NIST.
“Organizations should also develop and maintain procedures for particularly important processes that may be urgently needed during emergency situations, like redeploying the organization’s primary authentication platform,” the agency said.
Source: https://www.meritalk.com/articles/nist-seeks-input-on-cyber-risk-management-draft-2/