CISA Published a “Playbook” Regarding Cybersecurity Vulnerability and Incident Response Activity

Written By Haley Metteauer

On November 16, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) published two “Playbooks” to strategize and conduct “cybersecurity vulnerability and incident response activity.

The Playbooks were created in response to The White House’s Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, which charged CISA to develop a “standard set of operational procedures (playbook) to be used in planning and conducting a cybersecurity vulnerability and incident response activity respecting Federal Civilian Executive Branch (FCEB) Information Systems.”

The processes outlined in the Playbooks are anticipated to:

  • Facilitate better coordination and effective response among affected organizations;

  • Enable tracking of cross-organizational successful actions;

  • Allow for cataloging of incidents to better manage future events; and

  • Guide analysis and discovery.

The Playbooks provide various flow charts to outline the possible processes and detail each step of said process that Matt Hartman, Deputy Executive Assistant Director for Cybersecurity, claims are intended to “identify, remediate, and recover from vulnerabilities and incidents affecting their systems.”

The Incident Response Playbook applies to incidents that “involve confirmed malicious cyber activity and for which a major incident . . . has been declared or not yet been reasonably ruled out.” The Incident Response Playbook includes the following key processes:

  • Preparation Phase;

  • Detection & Analysis; 

  • Containment;

  • Eradication & Recovery;

  • Post-Incident Activities; and

  • Coordination.

The Vulnerability Response Playbook applies to vulnerabilities being actively exploited in the wild. The Vulnerability Response Playbook includes the following key processes:

  • Identification;

  • Evaluation;

  • Remediation; and

  • Reporting and Notification.

Although the Playbook applies only to FCEB agencies and their contractors or agents, CISA encourages businesses and organizations not within that category to use it as a guide to structure their own approach to ensure compliance with the most recent best practices.

For questions or concerns as to how these Playbooks could affect your business or organization or for assistance structuring your own Playbook, contact Kennedy Sutherland.

Haley Metteauer
Previous

With the Passage of the Infrastructure Bill Comes New Cybersecurity-Related Implications
Next

Illinois Governor Enacts the Protecting Household Privacy Act, to be Effective Soon