The IT Law Wiki


The National Response Plan (December 2004) was replaced with the National Response Framework (NRF) issued by the Department of Homeland Security (DHS) in January 2008.

The NRF were built on the NIMS template to establish a single, comprehensive framework for the management of domestic incidents (including threats) that require DHS coordination and effective response and engaged partnership by an appropriate combination of: Federal, State, local, and tribal governments; the private sector; and nongovernmental organizations.[1]

The NRF establishes a comprehensive, national, all-hazards approach to domestic incident response. It identifies the key response principles, as well as the roles and structures that organize national response. The document includes 23 Emergency Support Functions that provide the structure for coordinating federal interagency support for a federal response to an incident. Emergency Support Function 2 supports the restoration of the communications infrastructure, facilitates the recovery of systems and applications from cyber attacks, and coordinates federal communications support to response efforts during incidents requiring a coordinated federal response.

The NRF is a guide that presents the key response principles, participants, roles, and structures that guide U.S. response operations. It describes specific authorities and best practices for managing incidents that range from the serious but purely local, to large-scale terrorist [[attack]s or catastrophic natural disasters requiring federal assistance. It was written for the use of government executives, private sector and nongovernmental organization leaders, and emergency management practitioners.

Cyber Incident Annex[]

The Cyber Incident Annex describes the framework for federal cyber incident response in the event of a cyber-related incident of national significance affecting the critical national processes.

Further, the Annex formalizes the National Cyber Response Coordination Group (NCRCG). As established under the preceding National Response Plan, the NCRCG continues to be cochaired by DHS's National Cyber Security Division (NCSD), the Department of Justice's Computer Crime and Intellectual Property Section, and the DOD. It is to bring together officials from all agencies that have responsibility for cybersecurity and the sector-specific agencies identified in Homeland Security Presidential Directive 7. The group coordinates intergovernmental and public/private preparedness and response to and recovery from national-level cyber incidents and physical attacks that have significant cyber-related consequences.

During and in anticipation of such an incident, the NCRCG's senior-level membership is responsible for providing subject matter expertise, recommendations, and strategic policy support and ensuring that the full range of federal capabilities is deployed in a coordinated and effective fashion.

CIKR Support Annex[]

The NRF includes a CIKR Support Annex that provides the policies and protocols for integrating the CIKR protection mission as an essential element of domestic incident management and establishes the Infrastructure Liaison function to serve as a focal point for CIKR coordination at the field level.