Saturday, February 11, 2012

New NIST draft document - Computer Security Incident Handling Guide

NIST released a new draft document on Computer Security Incident Handling. This is the second version of the original document that was released in 2008.
This publication seeks to assist organizations in mitigating the risks from computer security incidents by providing practical guidelines on responding to incidents effectively and efficiently. It includes guidelines on establishing an effective incident response program, but the primary focus of the document is detecting, analyzing, prioritizing, and handling incidents. 

It is a great reference document for folks trying to implement a new program and for folks to tweak their existing program.
Here is a list of major recommendations:
  • Organizations must create, provision, and operate a formal incident response capability. Federal law requires Federal agencies to report incidents to the United States Computer Emergency Readiness Team (US-CERT) office within the Department of Homeland Security.
  • Organizations should reduce the frequency of incidents by effectively securing networks, systems, and applications.
  • Organizations should document their guidelines for interactions with other organizations regarding incidents.
  • Organizations should prepare generally to handle any type of incident and more specifically to handle common incident types.
  • Organizations should create written guidelines for prioritizing incidents.
  • Organizations should use the lessons learned process to gain value from incidents.
The document is available from the following link

NIST requests comments on this document by March 16th, 2012. If you would like to submit comments, submit it to "" with "Comments SP 800-61" in the subject line.