On December 16, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) announced that it published a draft National Cyber Incident Response Plan (NCIRP) Update for public comments.

What is the NCIRP?

The CISA explained that the NCIRP is a national framework that outlines coordination mechanisms and priority activities for responses to cyber incidents, including asset response, threat response, intelligence support, and affected entity response. The NCIRP provides a framework for the potential roles of federal agencies, state, local, tribal, and territorial governments, the private sector, and civil society.

The NCIRP covers, among other things:

• phases of cyber incident response operations, including detection and response phases;
• post-incident activities, such as capturing and implementing lessons learned to the extent practicable;
• implementation and maintenance of the response plan by CISA, federal departments and agencies, and across the nation;
• cyber incident severity schema;
• voluntary reporting to the federal government;
• stakeholder roles and responsibilities; and
• follow-on implementation activities.

What are the updates to NCIRP?

The CISA outlines that key updates in this draft include:

• a defined path for non-federal stakeholders to participate in the coordination of cyber incident response;
• improved usability by streamlining content and aligning to an operational lifecycle;
• relevant legal and policy changes impacting agency roles and responsibilities; and
• a predictable cycle for future updates of the NCIRP.

How to submit comments?

Comments can be submitted in the federal register until January 15, 2025.

You can read the press release here, the draft response plan here, and access the federal register here.