In April 2025, NIST finalized Special Publication (SP) 800-61 Revision 3, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile.
NIST SP 800-61 Revision 3 seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0. Doing so can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency and effectiveness of their incident detection, response, and recovery activities. This revision supersedes SP 800-61 Revision 2, Computer Security Incident Handling Guide.
The new incident response life cycle model used in this publication is shown in the figure. The bottom level reflects that the preparation activities of Govern, Identify, and Protect are not part of the incident response itself. Rather, they are much broader cybersecurity risk management activities that also support incident response. Incident response is shown in the top level of the figure: Detect, Respond, and Recover. Additionally, the need for continuous improvement is indicated as the middle level with the Improvement Category within the Identify Function and the dashed green lines. Lessons learned from performing all activities in all Functions are fed into Improvement, and those lessons are analyzed, prioritized, and used to inform all of the Functions.
Incident Response Preparation and Life Cycle
The scope of Revision 3 differs significantly from previous versions. Because the details of how to perform incident response activities change so often and vary so much across technologies, environments, and organizations, it is no longer feasible to capture and maintain that information in a single static publication. Instead, this version focuses on improving cybersecurity risk management for all of the NIST CSF 2.0 Functions to better support an organization's incident response capabilities.
NIST encourages readers of SP 800-61 Revision 3 to utilize other NIST resources to access additional information on implementing the recommendations and considerations in the publication. These resources include the selected examples listed for Preparation Resources and Life Cycle Resources, the NIST CSF 2.0 publication and supplemental resources, and mappings to additional sources of information on implementing incident response considerations available through the NIST Cybersecurity and Privacy Reference Tool (CPRT).
Your comments and suggestions for the Incident Response project are always welcome, including feedback on the listed resources and suggestions for additional vendor-neutral resources to include. Contact us at [email protected].
Send Email to the NIST Incident Response Project Team:
[email protected]
Alex Nelson - NIST
Sanjay (Jay) Rekhi - NIST
Karen Scarfone - Scarfone Cybersecurity
Security and Privacy: incident response, threats, vulnerability management
Applications: cybersecurity framework, forensics