NIST SP 800-61
NIST SP 800-61 Rev 2 Computer Security Incident Handling Guide — preparation, detection and analysis, containment, eradication, and post-incident activity.
Requirements in this framework
- Attack Vectors and Indicators
- Attacker Identification
- Chain of Custody Documentation
- Containment strategy
- Containment Strategy Selection
- Coordination with External Parties
- Detection and analysis
- Eradication and recovery
- Eradication Procedures
- Evidence Gathering and Handling
- Evidence Storage and Protection
- External coordination and reporting
- Forensic Evidence Acquisition
- Forensic evidence and chain of custody
- Incident Analysis
- Incident Data Collection and Retention
- Incident Documentation
- Incident Handling Communications
- Incident Notification
- Incident Prioritization
- Incident Response Metrics
- Incident response metrics and program management
- Incident Response Plan Maintenance
- Incident Response Policy and Plan
- Incident response preparation
- Incident Response Program Evaluation
- Incident Response Team Services
- Incident Response Team Structure
- Incident Response Training and Exercises
- Information Sharing Guidelines
- Law Enforcement Coordination
- Lessons Learned Meetings
- Objective Incident Assessment
- Post-incident improvements
- Preparation - Incident Prevention
- Preparation - Tools and Resources
- Recovery Operations
- Signs of an Incident