NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Guide for Cybersecurity Event Recovery

Published

Author(s)

Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Matthew C. Smith, Gregory Witte, Karen Scarfone

Abstract

In light of an increasing number of cybersecurity events, organizations can improve resilience by ensuring that their risk management processes include comprehensive recovery planning. Identifying and prioritizing organization resources helps to guide effective plans and realistic test scenarios. This preparation enables rapid recovery from incidents when they occur and helps to minimize the impact on the organization and its constituents. Additionally, continually improving recovery planning by learning lessons from past events, including those of other organizations, helps to ensure the continuity of important mission functions. This publication provides tactical and strategic guidance regarding the planning, playbook developing, testing, and improvement of recovery planning. It also provides an example scenario that demonstrates guidance and informative metrics that may be helpful for improving resilience of information systems.
Citation
Special Publication (NIST SP) - 800-184
Report Number
800-184
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.800-184
Local Download

Keywords

cyber event, cybersecurity, Cybersecurity Framework (CSF), Cybersecurity National Action Plan (CNAP), Cybersecurity Strategy and Implementation Plan (CSIP), metrics, planning, recovery, resilience
Cybersecurity and privacy

Citation

Bartock, M. , Cichonski, J. , Souppaya, M. , Smith, M. , Witte, G. and Scarfone, K. (2016), Guide for Cybersecurity Event Recovery, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-184, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=922303 (Accessed October 6, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created December 21, 2016, Updated January 4, 2022
Was this page helpful?