NIST compliance is a key strategy for managing security risks and protecting sensitive data—especially for organizations working with the government or bidding for defense contracts.


NIST 6 Steps toward Incident Response:

Assemble your team

It’s critical to have the right people with the right skills, along with associated tribal knowledge. Appoint a team leader who will have overall responsibility for responding to the incident. This person should have a direct line of communication with management so that important decisions—such as taking key systems offline if necessary—can be made quickly.


Detect and ascertain the source

The IR team you’ve assembled should first work to identify the cause of the breach, and then ensure that it’s contained.


Contain and recover

Once you’ve detected an incident and its source, you need to contain the damage. This may involve disabling network access for computers known to be infected by viruses or other malware (so they can be quarantined) and installing security patches to resolve malware issues or network vulnerabilities. You may also need to reset passwords for users whose accounts were breached, or block the accounts of insiders who may have caused the incident.


Assess damage and severity

Look at the cause of the incident. In cases where there was a successful external attacker or malicious insider, consider the event as more severe and respond accordingly.


Begin the notification process

A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized individual. Privacy laws such as GDPR and California’s CCPA require public notification in the event of such a data breach. Notify affected parties so they can protect themselves from identity theft or other fallout from the disclosure of confidential personal or financial data.


Use tooling to keep an inventory of every IT asset running in your environment and its associated cybersecurity vulnerabilities.


Take necessary security steps, like protecting logins with multi-factor authentication and training staff to prevent phishing attempts.

Set up monitoring solutions such as a SIEM and an IDS and tie them into your organization’s network and firewall.

Implement automation that flags incidents worthy of human attention and directs ticket assignments accordingly.


Measure how long it takes your organization to recover normal functionality after a cyber-attack or malware event, then compare that with how long it should take under your SLAs.
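The severity rule from step 4, the incident-flagging automation and the recovery-time check from the list above, as a small added example (not code from the original page or from NIST). Event records, queue names and the SLA values are constructed for illustration.

```python
"""Added example: triage incidents by severity, route them to a human queue,
and check recovery time against an SLA. All data here is constructed."""
from datetime import datetime, timedelta

# Constructed sample events. "succeeded" marks whether the attacker got in;
# step 4 treats a successful external attacker or malicious insider as more severe.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T08:00:00", "source": "external", "succeeded": True,
     "desc": "malware beacon from workstation-12"},
    {"ts": "2024-03-01T08:05:00", "source": "external", "succeeded": False,
     "desc": "port scan blocked by firewall"},
    {"ts": "2024-03-01T08:10:00", "source": "insider", "succeeded": True,
     "desc": "bulk download of customer records by departing employee"},
    {"ts": "2024-03-01T08:12:00", "source": "unknown", "succeeded": True,
     "desc": "unexpected service restart on app server"},
]

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2}


def assess_severity(event):
    """Step 4: a successful external attacker or malicious insider ranks highest."""
    if event["succeeded"] and event["source"] in ("external", "insider"):
        return "high"
    if event["succeeded"]:
        return "medium"
    return "low"


def triage(events, threshold="medium"):
    """Flag events at or above the threshold for human attention and assign a
    ticket queue (queue names are assumed); lower-severity events are only logged."""
    tickets = []
    for event in events:
        sev = assess_severity(event)
        if SEVERITY_ORDER[sev] >= SEVERITY_ORDER[threshold]:
            queue = "ir-lead" if sev == "high" else "soc-analyst"
            tickets.append({"severity": sev, "queue": queue, "desc": event["desc"]})
    return tickets


def recovery_within_sla(detected_at, restored_at, sla_hours):
    """Return (met_sla, hours_to_recover) for one incident's timestamps."""
    elapsed = datetime.fromisoformat(restored_at) - datetime.fromisoformat(detected_at)
    return elapsed <= timedelta(hours=sla_hours), elapsed.total_seconds() / 3600


if __name__ == "__main__":
    for ticket in triage(SAMPLE_EVENTS):
        print(ticket)
    print(recovery_within_sla("2024-03-01T08:00:00", "2024-03-01T11:30:00", 4))
```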
