Standards for Incident Communication

NIST SP 800-61 Rev 2

  • Incident communication guidelines and templates
  • Stakeholder notification requirements
  • Media handling procedures

GDPR Article 33 and 34

  • 72-hour notification to supervisory authority
  • Communication to affected data subjects
  • Required content for breach notifications

HIPAA Breach Notification Rule

  • 60-day notification to HHS for breaches affecting 500+ individuals
  • Individual notification requirements
  • Media notification for large breaches

PCI DSS Incident Response

  • Card brand notification requirements
  • Forensic investigation reporting
  • Merchant and service provider obligations

SEC Cybersecurity Disclosure Rules (2024)

  • Material cybersecurity incident disclosure within 4 business days
  • Annual reporting on cybersecurity risk management
  • Board oversight disclosure requirements

CISA Incident Reporting

  • CIRCIA mandatory reporting requirements
  • Federal agency notification procedures
  • Voluntary reporting guidelines

ISO 27035 - Information Security Incident Management

  • Communication planning requirements
  • Stakeholder identification and notification
  • Post-incident communication review