NCIRP Background

The National Cyber Incident Response Plan (NCIRP) describes a national approach to handling significant cyber incidents. It addresses the important role that the private sector, state and local governments, and multiple federal agencies play in responding to incidents. It also describes how the actions of all these stakeholders fit together to provide an integrated response. The NCIRP reflects and incorporates lessons learned from exercises, real world incidents, and policy and statutory updates including Presidential Policy Directive/PPD-41 – US Cyber Incident Coordination (and its annex) and the National Cybersecurity Protection Act of 2014.

The NCIRP also serves as the Cyber Annex to the Federal Interagency Operational Plan (FIOP) that built upon the National Planning Frameworks and the National Preparedness System.

This plan applies to cyber incidents that are likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. 

The current version of the National Cyber Incident Response Plan was released in December 2016 and is available here:

• National Cyber Incident Response Plan (PDF)
• Frequently Asked Questions (PDF)