Guide for cybersecurity event recovery

NIST Special Publication 800-184
15 December 2016

In light of an increasing number of cybersecurity events, organizations can improve resilience by ensuring that their risk management processes include comprehensive recovery planning. Identifying and prioritizing organization resources helps to guide effective plans and realistic test scenarios. This preparation enables rapid recovery from incidents when they occur and helps to minimize the impact on the organization and its constituents. Additionally, continually improving recovery planning by learning lessons from past events, including those of other organizations, helps to ensure the continuity of important mission functions. This publication provides tactical and strategic guidance regarding the planning, playbook developing, testing, and improvement of recovery planning. It also provides an example scenario that demonstrates guidance and informative metrics that may be helpful for improving resilience of information systems. 

Publication Details

Resource Type: 

Cite this document

Suggested Citation

Michael Bartock, Jeffrey Cichonski, Murugiah Souppaya, Greg Witte, Karen Scarfone, 2016, Guide for cybersecurity event recovery, National Institute of Standards and Technology, viewed 29 April 2017, <>.

Page Shares