Wednesday, December 18, 2024

U.S. Cybersecurity and Infrastructure Security Agency Releases National Cyber Incident Response Plan Update

For now just a personal bookmark. Although I hope we won't have to, I fear we will be referring back to this post.

From CISA.gov:

About this draft: This is a pre-decisional draft for public comment. It does not represent the final position of the U.S. Government or any participant in the process and is continuing to undergo updates as feedback is received.

Publication: December 2024

Executive Summary
The 2023 National Cybersecurity Strategy called for an update of the 2016 National Cyber Incident Response Plan (NCIRP), a strategic national framework for how federal; private sector; state, local, tribal, and territorial (SLTT); and international partners collectively address cyber incidents under Presidential Policy Directive 41 (PPD-41). This update responds to changes in the cyber threat landscape, federal law and policy, and new organizational capabilities.

At a high level, the NCIRP sets out the structures that the United States government will use to coordinate the response to cyber incidents. It also provides a framework for the potential roles of federal agencies, SLTT government, the private sector, and civil society. However, the NCIRP is not a step-by-step instruction manual on how to conduct a response effort—nor could it be, as every incident and every response is different. Rather, the NCIRP sets out a flexible structure that responders can use to shape their efforts and maximize both efficiency and coordination. CISA encourages private sector entities to review the NCIRP to understand how the government will partner with them in an incident and how to incorporate this framework into their own planning efforts.

The NCIRP describes four lines of effort: Asset Response, Threat Response, Intelligence Support, and Affected Entity Response. The NCIRP also includes coordination mechanisms, key decision points, and priority activities across the cyber incident response lifecycle.

The NCIRP identifies coordinating structures that response stakeholders may leverage for cyber incidents requiring cross-sector, public-private, or federal coordination. Two key coordination structures are defined by PPD-41: the Cyber Response Group (CRG) for incident response policy and awareness and the Cyber Unified Coordination Group (Cyber UCG) for incident response coordination. The lead agencies for each federal line of effort manage coordination and resourcing within each line of effort.

The NCIRP distinguishes between two main cyber incident response phases: Detection and Response. The Detection phase encompasses monitoring, analysis, and detection to validate a reported incident and assess whether it rises to the level of a significant cyber incident. The Response phase encompasses activities to contain, eradicate, and recover from incidents, and to carry out law enforcement and intelligence activities necessary to attribute the incident and hold the perpetrators accountable.

Comprehensive national preparedness for cyber incidents requires additional planning to address more specific issues and stakeholder communities than the NCIRP alone can provide. The Cybersecurity and Infrastructure Security Agency (CISA) will develop and support additional planning documents to meet these needs. CISA plans to implement a regular cycle of revisions to fulfill its statutory responsibility to update, maintain, and exercise the NCIRP....

....MUCH MORE (42 page PDF)

As a side note, if registering securities in certificate form is part of your risk mitigation strategy, be prepared to pay $500 and more per cert.

DTCC (DTC and Cede & Co.) strongly discourages use of the Direct Registration System.