DHS recently released the refreshed National Cyber Incident Response Plan (NCIRP).
Since the last version of the NCIRP was released in 2010, the nation has increasingly faced more complex cyber incidents. Every day, incidents across the United States necessitate that jurisdictions and organizations work together to share resources, integrate tactics and take actions to meet the needs of communities before, during, and after cyber incidents. The NCIRP provides a consistent and common approach and vocabulary to enable the whole community to work together to manage cyber incidents seamlessly.
This plan expands on recent policy updates, such as the Presidential Policy Directive/PPD-41, to clarify the Federal Government’s roles and responsibilities for preparing for, responding to, and recovering from significant cyber incidents. It describes a national approach to cyber incidents, and explains the important role that the private sector, states, and multiple federal agencies play in incident response and how those activities fit together.