Provides updated framework that addresses significant changes in policy and cyber operations
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) published the draft National Cyber Incident Response Plan (NCIRP) Update today for public comment on the Federal Register. Through the Joint Cyber Defense Collaborative (JCDC) and in close coordination with the Office of the National Cyber Director (ONCD), this update addresses significant changes in policy and cyber operations since NCIRP was released in 2016.
The NCIRP is the nation’s strategic framework for coordinated response to cyber incidents along four lines of effort: Asset Response, Threat Response, Intelligence Support, and Affected Entity Response. It includes coordination mechanisms, key decision points, and priority activities across the cyber incident response lifecycle. The NCIRP also identifies structures that response stakeholders should leverage to coordinate cyber incidents requiring cross-sector, public-private, or federal coordination; however, it is not meant to be a step-by-step instruction manual.
CISA collaborated extensively with government and industry partners to provide an agile, actionable updated framework that ensures coherent coordination to match the pace of our adversaries. Key updates in this draft include:
- A defined path for non-federal stakeholders to participate in coordination of cyber incident response;
- Improved usability by streamlining content and aligning to an operational lifecycle;
- Relevant legal and policy changes impacting agency roles and responsibilities; and
- A predictable cycle for future updates of the NCIRP.
“Today’s increasingly complex threat environment demands that we have a seamless, agile, and effective incident response framework,” said CISA Director Jen Easterly. “This draft NCIRP Update leverages the lessons learned over the past several years to achieve a deeper unity of effort between the government and the private sector. We encourage public comment and feedback to help us ensure its maximum effectiveness.”
The draft is at National Cyber Incident Response Plan Update and public comments can be posted on the Federal Register, CISA-2024-0037.
For more information, read our blog and visit National Cyber Incident Response Plan webpage.
###
About CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.
Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.