This is the mobile-friendly web version of the original article.

Cybersecurity Incident & Vulnerability Response Playbooks

Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability Response Activities in FCEB Information Systems

Publication: November 2021

Cybersecurity and Infrastructure Security Agency

DISCLAIMER: This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see https://www.cisa.gov/tlp/.

CONTENTS

  • Introduction

    • Overview

    • Scope

    • Audience

  • Incident Response Playbook

    • Incident Response Process

    • Preparation Phase

    • Detection & Analysis

    • Containment

    • Eradication & Recovery

    • Post-Incident Activities

    • Coordination

  • Vulnerability Response Playbook

    • Preparation

    • Vulnerability Response Process

    • Identification

    • Evaluation

    • Remediation

    • Reporting and Notification

  • Appendix A: Key Terms

  • Appendix B: Incident Response Checklist

  • Appendix C: Incident Response Preparation Checklist

  • Appendix E: Vulnerability and Incident Categories

  • Appendix F: Source Text

  • Appendix G: Whole-of-Government Roles and Responsibilities

