NIST Incident Handling Activities
Since 1989 the National Institute of Standards and Technology Computer
Security Division has been active in the incident handling community. As
one of the eleven founding members of the international organization, Forum
of Incident Response and Security Teams (FIRST), NIST recognized early
the need for computer security incident handling. In the initial five years
of FIRST's existence, NIST served as the FIRST Secretariat and the host
of the e-mail list and web site. NIST has a long standing reputation for
creating environments to foster and nurture collaboration among experts
to address technical issues and to use the knowledge gained from these
experiences to provide guidance to Federal agencies and the public. NIST
Special Publication 800-3, "Establishing a Computer Security Incident Response
Capability," provided guidance on developing a centralized and cost-effective
approach to handling computer security incidents.
From 1996 through September 1998, NIST, along with the operational partners
of the Department of Energy's Computer Incident Advisory Capability (CIAC)
and the CERT/CC, began and operated the Federal Computer Incident Response
Capability (FedCIRC). FedCIRC was a Government Information Technology Services
Board pilot designed to address the near- and long-term incident handling
needs of the Federal civilian community. FedCIRC provided incident handling
services to civilian agencies and helped build agency competence and self-reliance
in incident handling. On October 1, 1998, the General Services Administration
became the manager of the FedCIRC initiative.
Incident Handling Homepage
Please send comments or suggestions to email@example.com
Last Modified: December 18, 2013.
Revision to NIST Special Publication 800-3, "Establishing a Computer Incident
The experience of FedCIRC will be used to provide more guidance to
agencies that want to leverage existing resources to create a computer
security incident response capability. The revised document will include
policy and procedures for setting up an incident handling capability.