Planning: Response & Recovery

The First 48: What to Expect When a Cyber Incident Occurs (.pdf, 336.4 KB)
(SAFECOM) This document, developed in partnership with public safety officials who have firsthand experience with cyberattacks, will inform expectations, and provide recommendations on how to proceed after experiencing a cyber incident.
Essential Elements: Your Crisis Response (.pdf, 339.6 KB)
(CISA) This Toolkit focuses on responding to and recovering from a cyberattack. Topic areas include developing an incident response plan and disaster recovery plan, using business impact assessments to prioritize resources and identify systems to be recovered, knowing who to call for help in the event of a cyber incident, and developing an internal reporting structure to communicate to stakeholder.
Federal Government Cybersecurity Incident and Vulnerability Response Playbooks (.pdf, 1.09 MB)
(CISA) This document presents two playbooks: one for incident response and one for vulnerability response. These playbooks provide Federal Civilian Executive Branch (FCEB) agencies with a standard set of procedures to identify, coordinate, remediate, recover, and track successful mitigations from incidents and vulnerabilities affecting FCEB systems, data, and networks.
The National Cyber Incident Response Plan (NCIRP)
(CISA) The NCIRP describes a national approach to dealing with cyber incidents and addresses the important role that the private sector, state and local governments, and multiple federal agencies play in responding to incidents and how the actions of all fit together for an integrated response.