Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-61 Rev. 2

Computer Security Incident Handling Guide

Date Published: August 2012

Supersedes: SP 800-61 Rev. 1 (03/07/2008)

Planning Note (04/03/2024):

An initial public draft of Revision 3 is now available: Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile. Public comments are due by May 20, 2024.

Send inquiries about this publication to


Paul Cichonski (NIST), Thomas Millar (DHS), Tim Grance (NIST), Karen Scarfone (Scarfone Cybersecurity)



computer security incident; incident handling; incident response; threats; vulnerabilities
Control Families

Incident Response; System and Information Integrity


Download URL

Supplemental Material:
Press Release

Document History:
08/06/12: SP 800-61 Rev. 2 (Final)