Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Respond

These mappings are intended to demonstrate the relationship between existing NIST publications and the Cybersecurity Framework. These preliminary mappings are intended to evolve and progress over time as new publications are created and existing publications are updated. Initially, each publication has been mapped only once to the category considered most applicable. Certain NIST publications that have broad applicability across multiple categories of a function have been included within the General Mappings section.

General Mappings

This table provides publications that have broad applicability across multiple categories of a function.

RESPOND (RS)

800-34 Rev. 1

Contingency Planning Guide for Federal Information Systems

 

 

NIST Cybersecurity Publication by Category

This table consists of NIST Publications that have been mapped only once to an individual Category.

RESPOND (RS)

Response Planning (RS.RP): Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity incidents.

800-34 Rev. 1

Contingency Planning Guide for Federal Information Systems

 

Communications (RS.CO): Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.

800-150

Guide to Cyber Threat Information Sharing

 

Analysis (RS.AN): Analysis is conducted to ensure adequate response and support recovery activities.

800-101 Rev. 1

Guidelines on Mobile Device Forensics

800-72

Guidelines on PDA Forensics

800-168

Approximate Matching: Definition and Terminology

800-86

Guide to Integrating Forensic Techniques into Incident Response

 

Mitigation (RS.MI): Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident.

800-61 Rev. 2

Computer Security Incident Handling Guide

800-83 Rev. 1

Guide to Malware Incident Prevention and Handling for Desktops and Laptops

 

 

 

Created February 1, 2018, Updated May 21, 2018