The Computer Security Division is working with the Department of Homeland Security (DHS) to develop guidance on Computer Security Incident Coordination (CSIC). The goal of CSIC is to help diverse collections of organizations to effectively collaborate in the handling of computer security incidents. Effective collaboration raises numerous issues on how and when to share information between organizations, and in what form information should be shared. Because different organizations may have substantially different capabilities for responding to attacks, diagnosing causes, and handling sensitive attack-related information, guidance must provide a framework to help organizations interoperate despite their organizational differences.
This initiative will develop a NIST Special Publication (SP) that provides guidance on how organizations can develop collaborative capabilities in advance of incidents in order to be prepared to operate swiftly and with coordination during incidents. The guidance will cover data handling considerations, such as sensitivity, data collection and retention practices, data standards, redaction, and use of tools such as anonymization. The guidance will help incident responders to understand when data can be shared, when it should not be shared, and when sharing is essential. A key element in the approach is the concept of an integrated, functionally-composed incident response team. The objective of a functionally-composed team is to enable each organization to contribute most in technical areas where that organization has higher relative levels of expertise and readiness, thus speeding incident detection, analysis, containment, eradication, and recovery.
More information regarding the RFI and Computer Security Incident Coordination will be provided here when it becomes available