NIST Threat Intelligence Sharing Information

The NIST Cyber Threat Intelligence Information and Sharing document for May 2017 has been released and can be found here.  NIST Cyber Threat Intelligence Information Sharing.

Cyber-attacks continue to increase in frequency and sophistication, presenting significant challenges for organizations that must defend their data and systems from capable threat actors. These actors range from individual, autonomous attackers to well- resourced groups operating in a coordinated manner as part of a criminal enterprise or on behalf of a nation-state. Threat actors can be persistent, motivated, and agile, and they use a variety of tactics, techniques, and procedures (TTPs) to compromise systems, disrupt services, commit financial fraud, and expose or steal intellectual property and other sensitive information. Given the risks these threats present, it is increasingly important that organizations share cyber-threat information, and use the community’s experience to improve their security posture.

Cyber -threat information is any information that can help an organization to identify, assess, monitor, and respond to cyber-threat s. Examples of cyber-threat information include indicators (system artifacts or observables 2 associated with an attack), TTPs, security alerts, threat intelligence reports, and recommended security tool configurations. Most organizations already produce multiple types of cyber- threat information that are available to share internally as part of their information technology and security operations efforts.