Request for Comment on the National Cyber Incident Response Plan Update

<NOTICE> DEPARTMENT OF HOMELAND SECURITY <DEPDOC>[Docket No. CISA-2024-0037]</DEPDOC> <SUBJECT>Request for Comment on the National Cyber Incident Response Plan Update</SUBJECT> <HD SOURCE="HED">AGENCY:</HD> Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS). <HD SOURCE="HED">ACTION:</HD> Notice of availability; request for comments. <SUM> <HD SOURCE="HED">SUMMARY:</HD> CISA has released a draft of the National Cyber Incident Response Plan (NCIRP) Update for public comment. CISA invites cybersecurity and incident response stakeholders from across public and private sectors or other interested parties to review the draft update document and provide comments, relevant information, and feedback. </SUM> <DATES> <HD SOURCE="HED">DATES:</HD> Written comments are requested on or before January 15, 2025. Submissions received after the deadline for receiving comments may not be considered. </DATES> <HD SOURCE="HED">ADDRESSES:</HD> You may submit comments, identified by docket number CISA-2024-0037, by clicking on the “Submit a Public Comment” button above or by following the instructions below for submitting comments directly via the Federal public document portal, at <E T="03">https://www.regulations.gov.</E> <E T="03">Instructions:</E> All comments received must include the agency name and docket number CISA-2024-0037. All comments received will be posted without change to <E T="03">https://www.regulations.gov,</E> including any personal information provided. CISA reserves the right to publicly republish relevant and unedited comments in their entirety that are submitted to the docket. Do not include personal information such as account numbers, social security numbers, or names of other individuals. Do not submit confidential business information or otherwise sensitive or protected information. <E T="03">Docket:</E> For access to the docket to read the draft National Cyber Incident Response Plan (NCIRP) Update or comments received, go to <E T="03">https://www.regulations.gov.</E> For convenience, CISA has also posted the draft NCIRP Update on <E T="03">https://www.cisa.gov/national-cyber-incident-response-plan-ncirp.</E> <FURINF> <HD SOURCE="HED">FOR FURTHER INFORMATION CONTACT:</HD> <E T="03">Technical Content information:</E> Mark Peters, 771-212-7125, <E T="03">mark.peters@cisa.dhs.gov.</E> <E T="03">Program information:</E> Michael Fogarty, 202-412-8385, <E T="03">michael.fogarty@cisa.dhs.gov.</E> </FURINF> <SUPLINF> <HD SOURCE="HED">SUPPLEMENTARY INFORMATION:</HD> <HD SOURCE="HD1">I. Background</HD> The NCIRP was first written and developed in accordance with Presidential Policy Directive 41 (PPD-41)—U.S. Cyber Incident Coordination and describes how the federal government; private sector; and state, local, tribal, and territorial (SLTT) government entities will coordinate to manage, respond to, and mitigate the consequences of significant cyber incidents. Due to the evolving cyber threat landscape—including increasing risks to critical infrastructure and public services—the need to update the NCIRP has never been greater. <HD SOURCE="HD1">II. NCIRP Update</HD> The NCIRP Update is being led by CISA through the Joint Cyber Defense Collaborative (JCDC), a public-private cybersecurity collaborative established by CISA to unite the global cyber community in the collective defense of cyberspace. The JCDC leverages joint cyber planning authorities granted to the agency by Congress in the 2021 National Defense Authorization Act (codified at 6 U.S.C. 665b). The update addresses changes in the cyber threat and operations landscape by incorporating feedback and lessons learned from stakeholders to make the updated NCIRP more fully inclusive across non-federal stakeholders—further establishing a foundation for continued improvement of the nation's response to significant cyber incidents. <HD SOURCE="HD1">III. Coordination</HD> CISA, through JCDC, coordinated with a range of experts and stakeholders across a wide spectrum of federal government agencies, international partners, SLTT entities, and private industry to receive each entity's input to help guide the content of the NCIRP Update. For more information, including background information and opportunities for stakeholder engagement, you can visit <E T="03">https://www.cisa.gov/national-cyber-incident-response-plan-ncirp.</E> <HD SOURCE="HD1">IV. Draft NCIRP Update Document Availability</HD> The draft NCIRP Update is available on CISA's website for download at: <E T="03">https://www.cisa.gov/national-cyber-incident-response-plan-ncirp</E> and on the docket to read the draft National Cyber Incident Response Plan (NCIRP) Update on <E T="03">www.regulations.gov.</E> This notice is issued under the authority of 6 U.S.C. 652, 659, 660, and 665b. <SIG> <NAME>Jeffrey E. Greene,</NAME> Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security. </SIG> </SUPLINF> <FRDOC>[FR Doc. 2024-29395 Filed 12-13-24; 8:45 am]</FRDOC> </NOTICE>