The National Institute of Standards and Technology (NIST) has released a long-awaited update to its incident response guidance: Special Publication 800-61 Revision 3 (SP 800-61r3). This new version, titled “Incident Response Recommendations and Considerations for Cybersecurity Risk Management,” aligns closely with the latest Cybersecurity Framework (CSF) 2.0, marking a significant evolution in how organizations should prepare for, respond to, and recover from cyber incidents.
The main goal behind this? To help organizations manage cybersecurity incidents as part of their overall risk management, not just react to them, but plan for them in a smart, structured way.
NIST Updated Incident Response Guide: The Back Story
In February 2024, NIST updated its Cybersecurity Framework, now called CSF 2.0. This version helps organizations understand different types of cybersecurity risks and how to build stronger protection, respond better to attacks, and recover more effectively. Then, in April 2025, NIST released a follow-up guide called “Incident Response Recommendations and Considerations for Cybersecurity Risk Management.” This new guide takes the big ideas from CSF 2.0…
