CSIRT Framework Development SIG

Mission

The state-of-the-art for CSIRTs could still improve considerably by extending and improving the available set of foundational frameworks and materials. The SIG will seek to involve experts interested in that work and provide a community to discuss improvements in need, existing gaps and (potential) new developments – taking into account, and collaborating where appropriate, initiatives from within FIRST and other entities/communities aiming for similar objectives (like APCERT, ENISA, GFCE, ITU, LACNIC, OCF, OAS, TF-CSIRT, etc.).

By identifying needed materials which are not readily available from other entities, the SIG will discuss needs and gaps and decide on the way forward either by:

• Bringing in a resource for improvement work after agreement by the original authors and/or copyright owners (preferably get them on board);
• Analyzing in more detail how to fill identified gaps/issues;
• Identifying the need for a more widely consolidated effort, requiring extra means or a wider audience, and taking this up within FIRST;
• Monitoring the take-up of identified gaps and issues by other entities and communities and coordinate liaisonships with such efforts;
• Taking up the (re-)drafting and publication of the CSIRT services framework should the need arise.

Goals & Deliverables

Until June 2025, the SIG aims to:

• Produce the v1.0 of the addendum "CSIRT Roles and Competencies" based on the review of the CSIRT community;
• Provide a slide deck "Basic Security Incident Management Team Types" until December 2024
• Produce an updated extension of the document "Team Types within the context of Security Incident Management Services Frameworks" containing commonly recognized sub-types (like "coordinating CSIRT") of the four basic team types;
• Work on an updated version of the CSIRT Services Framework to be compliant to the identified four basic team types and applicable sub-types;
• Foster liaisonships with other communities/organizations supporting CSIRT capacity/capability/maturity initiatives to improve the adoption of the CSIRT Services Framework v2.1 and the new addendum as well as the defined team types (at least: APCERT, ENISA, GFCE, ITU, LACNIC, OCF, OAS, TF-CSIRT);

Chair

• Klaus-Peter Kossakowski

Request to Join

• Initiatives
  • Special Interest Groups (SIGs)
    • SIGs Framework
    • Academic Security SIG
    • AI Security SIG
    • Automation SIG
    • Big Data SIG
    • Common Vulnerability Scoring System (CVSS-SIG)
      • Calculator
      • Specification Document
      • User Guide
      • Examples
      • Frequently Asked Questions
      • CVSS v4.0 Documentation & Resources
        • CVSS v4.0 Calculator
        • CVSS v4.0 Specification Document
        • CVSS v4.0 User Guide
        • CVSS v4.0 Examples
        • CVSS v4.0 FAQ
      • CVSS v3.1 Archive
        • CVSS v3.1 Calculator
        • CVSS v3.1 Specification Document
        • CVSS v3.1 User Guide
        • CVSS v3.1 Examples
        • CVSS v3.1 Calculator Use & Design
      • CVSS v3.0 Archive
        • CVSS v3.0 Calculator
        • CVSS v3.0 Specification Document
        • CVSS v3.0 User Guide
        • CVSS v3.0 Examples
        • CVSS v3.0 Calculator Use & Design
      • CVSS v2 Archive
        • CVSS v2 Complete Documentation
        • CVSS v2 History
        • CVSS-SIG team
        • SIG Meetings
        • Frequently Asked Questions
        • CVSS Adopters
        • CVSS Links
      • CVSS v1 Archive
        • Introduction to CVSS
        • Frequently Asked Questions
        • Complete CVSS v1 Guide
      • JSON & XML Data Representations
      • CVSS On-Line Training Course
      • Identity & logo usage
    • CSIRT Framework Development SIG
    • Cyber Insurance SIG
      • Cyber Insurance SIG Webinars
    • Cyber Threat Intelligence SIG
      • Curriculum
        • Introduction
        • Introduction to CTI as a General topic
        • Methods and Methodology
        • Priority Intelligence Requirement (PIR)
        • Source Evaluation and Information Reliability
        • Machine and Human Analysis Techniques (and Intelligence Cycle)
        • Threat Modelling
        • Training
        • Standards
        • Glossary
        • Communicating Uncertainties in CTI Reporting
      • Webinars and Online Training
      • Building a CTI program and team
        • Program maturity stages
          • CTI Maturity model - Stage 1
          • CTI Maturity model - Stage 2
          • CTI Maturity model - Stage 3
        • Program Starter Kit
        • Resources and supporting materials
    • Digital Safety SIG
    • DNS Abuse SIG
      • Code of Conduct & Other Policies
      • Examples of DNS Abuse
    • Ethics SIG
      • Ethics for Incident Response Teams
    • Exploit Prediction Scoring System (EPSS)
      • The EPSS Model
      • Data and Statistics
      • User Guide
      • EPSS Research and Presentations
      • Frequently Asked Questions
      • Who is using EPSS?
      • Open-source EPSS Tools
      • API
      • Related Exploit Research
      • Blog
        • Understanding EPSS Probabilities and Percentiles
        • Log4Shell Use Case
        • Estimating CVSS v3 Scores for 100,000 Older Vulnerabilities
      • Data Partners
    • FIRST Multi-Stakeholder Ransomware SIG
    • Human Factors in Security SIG
    • Industrial Control Systems SIG (ICS-SIG)
    • Information Exchange Policy SIG (IEP-SIG)
    • Information Sharing SIG
      • Malware Information Sharing Platform
    • Law Enforcement SIG
    • Malware Analysis SIG
      • Malware Analysis Framework
      • Malware Analysis Tools
    • Metrics SIG
      • Metrics SIG Webinars
    • NETSEC SIG
    • Passive DNS Exchange
    • PSIRT SIG
    • Red Team SIG
    • Retail and Consumer Packaged Goods (CPG) SIG
    • Security Lounge SIG
    • Threat Intel Coalition SIG
      • Membership Requirements and Veto Rules
    • Traffic Light Protocol (TLP-SIG)
    • Transportation and Mobility SIG
    • Vulnerability Coordination
      • Multi-Party Vulnerability Coordination and Disclosure
      • Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure
    • Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)
      • Vulnerability Database Catalog
    • Women of FIRST
  • Internet Governance
  • IR Database
  • Fellowship Program
    • Application Form
  • Mentorship Program
  • IR Hall of Fame
    • Hall of Fame Inductees
  • Victim Notification
  • Volunteers at FIRST
    • FIRST Volunteers
    • Volunteer Contribution Record
  • Previous Activities
    • Best Practices Contest