Federal Government Cybersecurity Incident and Vulnerability Response Playbooks 英文版TLP:WHITE m o c . 5 b u h t i g Cybersecurity Incident & Vulnerability Response Playbooks Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability Response Activities in FCEB Information Systems Publication: November 2021 Cybersecurity and Infrastructure Security Agency DISCLAIMER: This document is marked TLP:WHITE. Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see https://www.cisa.gov/tlp/. TLP:WHITE TLP:WHITE CONTENTS Introduction ............................................................................................................................................ 3 Overview ............................................................................................................................................ 3 Scope ................................................................................................................................................. 3 Audience ............................................................................................................................................ 4 Incident Response Playbook .................................................................................................................. 5 Incident Response Process ................................................................................................................ 5 Preparation Phase.............................................................................................................................. 6 Detection & Analysis ........................................................................................................................ 10 Containment ..................................................................................................................................... 14 m o Eradication & Recovery .................................................................................................................... 15 Post-Incident Activities ..................................................................................................................... 16 c . 5 Coordination ..................................................................................................................................... 17 Vulnerability Response Playbook ......................................................................................................... 21 Preparation....................................................................................................................................... 21 b u Vulnerability Response Process ....................................................................................................... 22 Identification ..................................................................................................................................... 22 h t i g Evaluation ........................................................................................................................................ 23 Remediation ..................................................................................................................................... 24 Reporting and Notification ................................................................................................................ 24 Appendix A: Key Terms ....................................................................................................................... 25 Appendix B: Incident Response Checklist ............................................................................................ 27 Appendix C: Incident Response Preparation Checklist ........................................................................ 35 Appendix E: Vulnerability and Incident Categories ............................................................................... 38 Appendix F: Source Text...................................................................................................................... 39 Appendix G: Whole-of-Government Roles and Responsibilities ........................................................... 41 TLP:WHITE CISA | Cybersecurity and Infrastructure Security Agency 2 TLP:WHITE INTRODUCTIO