The National Cyber Incident Response Plan (NCIRP)

Publish Date

 The National Cyber Incident Response Plan (NCIRP)

  • The NCIRP describes a national approach to dealing with cyber incidents; addresses the important role that the private sector, state and local governments, and multiple federal agencies play in responding to incidents and how the actions of all fit together for an integrated response;
  • Reflects and incorporates lessons learned from exercises, real world incidents and policy and statutory updates, such as the Presidential Policy Directive/PPD-41U.S. Cyber Incident Coordination, and the National Cybersecurity Protection Act of 2014.

The NCIRP also serves as the Cyber Annex to the Federal Interagency Operational Plan (FIOP) that built upon the National Planning Frameworks and the National Preparedness System.

This plan applies to cyber incidents and more specifically significant cyber incidents that are likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. 

DHS’s National Protection and Programs Directorate (NPPD) and Federal Emergency Management Agency (FEMA)’s National Integration Center led the development of this document, in coordination with the Department of Justice, the Secretary of Defense, and the Sector Specific Agencies and other interagency partners, representatives from the 16 critical infrastructure sectors and state and local governments.