Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Guide for Cybersecurity Event Recovery

Published

Author(s)

Michael J. Bartock, Jeffrey A. Cichonski, Murugiah P. Souppaya, Matthew C. Smith, Gregory A. Witte, Karen Scarfone

Abstract

In light of an increasing number of cybersecurity events, organizations can improve resilience by ensuring that their risk management processes include comprehensive recovery planning. Identifying and prioritizing organization resources helps to guide effective plans and realistic test scenarios. This preparation enables rapid recovery from incidents when they occur and helps to minimize the impact on the organization and its constituents. Additionally, continually improving recovery planning by learning lessons from past events, including those of other organizations, helps to ensure the continuity of important mission functions. This publication provides tactical and strategic guidance regarding the planning, playbook developing, testing, and improvement of recovery planning. It also provides an example scenario that demonstrates guidance and informative metrics that may be helpful for improving resilience of information systems.
Citation
Special Publication (NIST SP) - 800-184
Report Number
800-184

Keywords

cyber event, cybersecurity, Cybersecurity Framework (CSF), Cybersecurity National Action Plan (CNAP), Cybersecurity Strategy and Implementation Plan (CSIP), metrics, planning, recovery, resilience
Created December 22, 2016, Updated May 28, 2020