Following last year’s release of an initial public draft for public comment, the U.S. National Institute of Standards and Technology (NIST) published this week finalized Special Publication (SP) 800-61 Revision 3. The document seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0. NIST SP 800-61 Rev. 3 focuses on improving cybersecurity risk management for all of the NIST CSF 2.0 Functions to better support an organization’s incident response capabilities.
The scope of Rev. 3 differs significantly from previous versions. Due to the details of how to perform incident response activities changing so often and varying so much across technologies, environments, and organizations, it is no longer feasible to capture and maintain that information in a single static publication.
Doing so can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency and effectiveness of their incident detection, response, and recovery…
