The National Institute of Standards and Technology has released updated guidance outlining ways to incorporate incident recommendations and considerations into cybersecurity risk management activities in alignment with the second iteration of its Cybersecurity Framework, or CSF 2.0.
NIST said Thursday the Special Publication 800-61 Revision 3 seeks to help organizations mitigate the impact of cyber incidents and enhance the efficiency and effectiveness of their incident detection, response and recovery efforts.
Table of Contents
Incident Response Life Cycle Model Based on 6 CSF 2.0 Functions
The publication presents an updated incident response life cycle model based on the six functions of CSF 2.0: govern, identify, protect, detect, respond and recover.
According to NIST, the govern, identify and protect functions help organizations prevent cybersecurity incidents, prepare to manage incidents that occur, reduce the impact of such incidents and enhance incident response and cyber risk management practices based on lessons learned.
Meanwhile, the detect, respond and recover functions seek to help organizations discover, prioritize, manage and recover from cyber incidents, as well as conduct incident reporting, notification and other incident-related communications.
CSF 2.0 Community Profile
The document includes a section defining NIST’s CSF 2.0 Community Profile for cyber incident risk management.
According to NIST, the profile uses the CSF Core as the basis for prioritizing cyber outcomes that are key to incident response, offers recommendations and gives other supporting information on certain CSF outcomes within the context of incident response.
Attend the Potomac Officers Club’s 2025 Cyber Summit on May 15 and hear experts discuss new cyber policies, modernization strategies and more. Register now!
Related Articles
Gregory Barbaccia, federal chief information officer and a 2025 Wash100 awardee, has shared his insights on how the federal government should advance digital transformation. “I notice a lot of the government considers itself to be ‘digital,’ but in reality, we’ve only digitized, not transformed. Sure we went 0-1, but that should have just been the beginning,” Barbaccia wrote in a LinkedIn post. He noted the lack of automation and that workflows remain unchanged despite the replacement of paper ledgers with spreadsheets. “Files are shared over email instead of through real-time collaboration tools,” he added. Advancing Digital Transformation in Federal Government
The Federal Communications Commission has adopted new rules that seek to eliminate unnecessary paperwork and address regulatory barriers to the ground-station-as-a-service, or GSaaS, business model as part of efforts to drive innovation in the U.S. space economy. FCC said Thursday the new rules establish a process for ground station operators to secure a baseline license without first identifying a satellite point of communication. A simple FCC notification will be required for each new point of communication. According to FCC, the change would eliminate nearly half of earth station modification applications. “Making the smallest change to a satellite system or earth
The General Services Administration has announced a OneGov agreement with Amazon Web Services that will provide up to $1 billion in direct incentive credits to federal civilian agencies. According to GSA, the direct incentive credits, aggregated across the agencies, will include savings on core AWS cloud services through AWS credits, infrastructure and application technologies modernization through AWS modernization credits, access to AWS training and certification through training credits and a streamlined engagement model with greater savings for direct contracts through direct partnerships. Advancing America’s AI Leadership The agreement is expected to accelerate large-scale IT transformation and boost AI innovation across