NIST update on incident reporting guidance to inform upcoming CISA regime for critical infrastructure

The National Institute of Standards and Technology and CISA are developing updates to guidance on incident reporting and vulnerability disclosure, according to NIST Computer Security Division chief Matthew Scholl, that will inform CISA’s upcoming regime for critical infrastructure.

NIST Special Publication 800-61, “Computer Security Incident Handling Guide,” will be updated to add in new details on “best practices and technical exchange and formats of data that is most helpful,” Scholl said at the Wednesday meeting of NIST’s Information Security...