NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Computer Security Incident Coordination (CSIC)

Overview:

The Computer Security Division is working with the Department of Homeland Security (DHS) to develop guidance on Computer Security Incident Coordination (CSIC). The goal of CSIC is to help diverse collections of organizations to effectively collaborate in the handling of computer security incidents. Effective collaboration raises numerous issues on how and when to share information between organizations, and in what form information should be shared. Because different organizations may have substantially different capabilities for responding to attacks, diagnosing causes, and handling sensitive attack-related information, guidance must provide a framework to help organizations interoperate despite their organizational differences.

This initiative will develop a NIST SP that provides guidance on how organizations can develop collaborative capabilities in advance of incidents in order to be prepared to operate swiftly and with coordination during incidents. The guidance will cover data handling considerations, such as sensitivity, data collection and retention practices, data standards, redaction, and use of tools such as anonymization. The guidance will help incident responders to understand when data can be shared, when it should not be shared, and when sharing is essential. A key element in the approach is the concept of an integrated, functionally-composed incident response team. The objective of a functionally-composed team is to enable each organization to contribute most in technical areas where that organization has higher relative levels of expertise and readiness, thus speeding incident detection, analysis, containment, eradication, and recovery.

Federal Register Notice:

This link will take you to the Federal Register Notice published on June 28, 2013 in regards to the Computer Security Incident Coordination (CSIC): Providing Timely Cyber Incident Response.

RFI:

(Updated August 1, 2013) --
Due to a configuration issue, RFI responses sent (only) to incidentcoordination@nist.gov were not delivered and also did not generate bounce errors. If you sent an RFI response to incidentcoordination@nist.gov prior to the closing date of July 29, 2013 at 5:00 p.m. Eastern time, NIST requests that you resend your response to the same address by August 9, 2013 at 5:00 p.m. Eastern time.

DETAILS -

More information regarding the RFI and Computer Security Incident Coordination will be provided here when it becomes available.