During the Biden administration, there was a push to prioritize and modernize cybersecurity responses, and the National Institute of Standards and Technology (NIST) agreed to work with the technology industry to develop a new cybersecurity framework. Now, those promises have come to fruition as NIST has provided updated industry-leading guidance in the cybersecurity field.
In February 2024, NIST released updated guidance to its Cybersecurity Framework (CSF 2.0). The goal of CSF 2.0 is to set forth a high-level taxonomy of cybersecurity risks and how organizations can improve its cybersecurity programs, its responses to cyber-attacks, and its post-attack outcomes. NIST’s newest guidance, Incident Response Recommendations and Considerations for Cybersecurity Risk Management, was released in April 2025 and drills down the general guidance in CSF 2.0 into more specific action items for companies to undertake to improve their cybersecurity response.
Understanding the Incident Response Life Cycle
The latest guidance sets forth six principles for companies to consider when planning for incident response to ensure efficient programs are identified, in place, and ready…
