U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Cyber Threat Information Sharing CTIS

Overview

The Computer Security Division is working with the Department of Homeland Security (DHS) to develop guidance on Computer Security Incident Coordination (CSIC). The goal of CSIC is to help diverse collections of organizations to effectively collaborate in the handling of computer security incidents. Effective collaboration raises numerous issues on how and when to share information between organizations, and in what form information should be shared. Because different organizations may have substantially different capabilities for responding to attacks, diagnosing causes, and handling sensitive attack-related information, guidance must provide a framework to help organizations interoperate despite their organizational differences.

This initiative will develop a NIST Special Publication (SP) that provides guidance on how organizations can develop collaborative capabilities in advance of incidents in order to be prepared to operate swiftly and with coordination during incidents. The guidance will cover data handling considerations, such as sensitivity, data collection and retention practices, data standards, redaction, and use of tools such as anonymization. The guidance will help incident responders to understand when data can be shared, when it should not be shared, and when sharing is essential. A key element in the approach is the concept of an integrated, functionally-composed incident response team. The objective of a functionally-composed team is to enable each organization to contribute most in technical areas where that organization has higher relative levels of expertise and readiness, thus speeding incident detection, analysis, containment, eradication, and recovery.


More information regarding the RFI and Computer Security Incident Coordination will be provided here when it becomes available

Created May 24, 2016, Updated June 22, 2020