NIST SP 800-61 Revision 3, titled Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile, provides updated guidance to help organizations integrate incident response into their overall cybersecurity risk management, as structured by the NIST Cybersecurity Framework (CSF) 2.0. This revision introduces a new incident response life cycle model that aligns with all six CSF 2.0 Functions—Govern, Identify, Protect, Detect, Respond, and Recover—emphasizing that incident response is not isolated but interconnected with broader risk management activities. The document offers practical recommendations, such as incorporating lessons learned from past incidents, evaluating and improving incident response programs, managing supply chain risks, and establishing clear processes for vulnerability disclosure and risk response. By embedding incident response within the entire cybersecurity lifecycle, organizations can better prepare for, detect, respond to, and recover from incidents, while continuously improving their resilience against evolving cyber threats.
Publication's URL
URL: https://csrc.nist.gov/pubs/sp/800/61/r3/final
Publication's scorecard
Issuer: NIST
Country: USA
Scope: Cyber
Typology: Standard
Publication's date: April 1, 2025
Category: Incident Management
Sector: Cross-Sector
Rating: