What is 800-61 focused on?

Enhance your preparation for the Federal IT Security Professional Test. Use quizzes, flashcards, and detailed explanations to ensure success. Stay ahead in the field of IT Security!

Multiple Choice

What is 800-61 focused on?

Explanation:
Incident response. NIST SP 800-61 is the guide that defines how to prepare for, detect, analyze, contain, eradicate, recover from, and learn from cybersecurity incidents. It lays out the incident response lifecycle, roles and responsibilities, coordination with internal and external stakeholders, evidence handling, and ways to improve over time. This makes it the clear focus, because the publication is all about how to respond to and manage security incidents rather than broader IT topics.

Why the others don’t fit as the primary focus: business continuity is about keeping essential operations running during or after any disruption, which is broader than incident handling and includes longer-term resilience beyond cyber incidents. Configuration management concentrates on maintaining approved system configurations and change control, not on the step-by-step response to security events. Risk assessment deals with identifying and evaluating risks, whereas 800-61 centers on the actions taken once an incident is detected and how to manage it effectively.

