"Networked technologies touch every corner of the globe and every facet of human life. They have driven innovation, nurtured freedoms, and spurred economic prosperity. Even so, the very technologies that enable these benefits offer new opportunities for malicious and unwanted cyber activities. The risks associated with the Nation's dependence on these networked technologies led to the development of Presidential Policy Directive 41 (PPD-41): United States Cyber Incident Coordination, which sets forth principles governing the Federal Government's response to any cyber incident, whether involving government or private sector entities. [...] The National Cyber Incident Response Plan (NCIRP or Plan) was developed according to the direction of PPD-41 and leveraging doctrine from the National Preparedness System to articulate the roles and responsibilities, capabilities, and coordinating structures that support how the Nation responds to and recovers from significant cyber incidents posing risks to critical infrastructure. The NCIRP is not a tactical or operational plan; rather, it serves as the primary strategic framework for stakeholders to understand how federal departments and agencies and other national-level partners provide resources to support response operations. Authored in close coordination with government and private sector partners, the NCIRP expounds upon the concurrent lines of effort, defined by PPD41, for how the Federal Government will organize its activities to manage the effects of significant cyber incidents. The concurrent lines of effort are threat response, asset response, intelligence support, and the affected entity, which undertakes efforts to manage the effects of the incident on its operations, customers, and workforce."
U.S. CERT: https://www.us-cert.gov/