NIST Guidance Encourages Coordinated Incident Response

The National Institute of Standards and Technology (NIST) has proposed guidance on cyber threat information sharing. In its October 2014 draft, NIST seeks to leverage shared information to enhance cybersecurity through coordinated incident response.

Specifically, NIST recommends that, to enhance its cybersecurity posture and ability to respond to a cyber incident, an organization should:

• Inventory the information that it possesses and is capable of producing, and document the circumstances under which this information may be shared.
• Exchange threat intelligence, tools, and techniques with sharing partners.
• Employ open, standard data formats and protocols to facilitate the efficient and effective exchange of information.
• Use information from external sources to augment local data collection, analysis, and management.
• Define an approach for adaptive cybersecurity that addresses the full cyber-attack life cycle, including detection, limitation and prevention of cyber attacks.
• Ensure that the resources required for ongoing participation in a sharing community are available, including commitment of personnel and hardware and software.
• Maintain an ongoing awareness of information security, vulnerabilities, and threats in order to protect sensitive information.
• Establish the foundational infrastructure necessary to maintain its cybersecurity posture and clearly identify the roles and responsibilities for installing, operating and maintaining these capabilities.

The public comment period on NIST’s draft guidance ran through November 28, 2014.