NIST publishes new version of cyber incident response guide, now part of Cybersecurity Framework 2.0

In April 2025, the National Institute of Standards and Technology (NIST) published the long-awaited Revision 3 of SP 800-61, its reference guide for cybersecurity incident response management. This new edition replaces the 2012 version and marks a significant strategic shift by aligning incident response with the recently updated Cybersecurity Framework (CSF) 2.0.

Incident response, previously treated as an isolated technical process, is now part of an integrated organizational risk management approach. The document positions the incident response function as a cross-cutting and continuous capability, which requires planning, leadership involvement and integration with corporate processes, suppliers and partners.

What's new in Revision 3

SP 800-61r3 structures incident response practices according to the six pillars of CSF 2.0:

  • Govern: establish clear policies and roles for incident response, with the involvement of senior management;

  • Identify: map assets and risks, including critical external dependencies;

  • Protect: implement preventive controls that reduce the likelihood of incidents;

  • Detect: ensure monitoring, early warning and analysis capacity;

  • Respond: act in a coordinated manner, with tested and well-documented procedures;

  • Recover: restore functions and operations based on continuity plans and lessons learned.

Focus on organizational maturity and continuous improvement

The guide stresses that an effective incident response doesn't start at the moment of the incident, but rather in the preparation phase: plans, simulations, asset inventory and communication channels must be clearly established. The involvement of stakeholders - from technical teams to executives - is essential for agile and efficient management.

In addition, NIST reinforces the importance of analyzing the response after each incident, integrating lessons learned into continuous improvement processes. This cycle strengthens the organization's resilience and contributes to informed strategic decisions in the future.

Implications for the medical devices sector

In the context of the increasing digitization of medical devices and international regulations - including cybersecurity requirements under the MDR, IVDR and FDA - this guide provides a structured basis for manufacturers who want to align their processes with international best practices.
