NIST drafts cyber threat info sharing guidance

NIST drafts cyber threat info sharing guidance

When an agency identifies and successfully responds to a cyberattack, it gains knowledge that can be used by others facing the same or similar threats.  Because attackers often use similar strategies, tools, and methods against multiple organizations, shared threat intelligence can reduce the impact of future attacks.

That’s the thinking behind the National Institute of Standards and Technology’s Draft Special Publication 800-150, Guide to Cyber Threat Information Sharing, designed to exploit cross-agency collective knowledge and experience by actively sharing threat intelligence and ongoing coordination.

SP 800-150 expands upon the guidance introduced in SP 800-61, Computer Security Incident Handling Guide that explores information sharing, coordination and collaboration as part of the incident response life cycle.

This draft introduces information sharing practices, examines formats and protocols that foster interoperability and provides guidance on improving information sharing programs. It also includes guidelines for coordinated incident handling, including producing and consuming data, participating in information sharing communities and protecting incident-related data.

 This information-sharing ecosystem will be most effective, says NIST, if all participants have a robust and mature cybersecurity program that helps prioritize response operations, enhance detection capabilities and deploy effective courses of action. Elements of a mature system feature:

  • Core cybersecurity capabilities that include a monitoring infrastructure capable of supporting basic event and incident detection, analysis and response efforts.
  • Processes for creating, consuming and sharing basic threat intelligence.
  • Advanced cybersecurity capabilities, including those enabling technical information exchange, a forensics team, defensive capabilities (honeypots) and advanced analytics and visualization.

In all, NIST lists 30 recommendations in its draft. Comments are due by Nov. 28.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected