FIRST Services Framework
The Services Frameworks are high-level documents detailing possible services CSIRTs and PSIRTs may provide. They are developed by recognized experts from the FIRST community. FIRST strives to include feedback from all sectors, including CSIRTs with a national responsibility, private sector CSIRTs and PSIRTs as well as other stakeholders. These documents were intended to provide a foundation for the development of new training material. However, today they are used in a much wider scope, e.g. when defining an initial service catalogue for new teams. These documents will be made available in English, Arabic, Chinese, French, Russian and Spanish.
In the creation of the CSIRT framework it became clear that PSIRTs provide quite different services and typically operate in quite different environments. It was thus decided to create a separate document covering PSIRTs. The two documents will be aligned, highlighting the many similarities shared.
The development of the Frameworks is driven by the CSIRT Framework Development SIG.
Purpose
The Frameworks are to assist organizations in building, maintaining, and growing the capabilities of their CSIRTs or PSIRTs. The Frameworks are a guide and identify various models, capabilities, services and outcomes. In this way, teams are free to implement their own model and to build capabilities that meet their stakeholders' unique needs. The Frameworks seek to assist SIRTs by identifying core responsibilities, providing guidance on how to build capabilities to meet those responsibilities and offering insights on how SIRT teams can add and communicate value to their larger organizations.
Status
- Currently the CSIRT Services Framework (PDF) is available at version 2.1.
- The addendum to it about CSIRT Roles and Competencies (PDF) is available at version 0.9 for review.
- The PSIRT Services Framework (PDF) is available at version 1.0.
- The document about Team Types within the context of Security Incident Management has been updated to version 1.1: PDF.
Downloads
CSIRT Services Framework
- English
- Arabic
- Chinese
- French
- Spanish
- Japanese
- Russian
- Addendum: CSIRT Roles and Competencies
- Team Types within the context of Security Incident Management
Services Frameworks
PSIRT Services Framework
- English
- Arabic
- Chinese
- French
- Spanish
- Japanese
- Russian
SIRT Services Framework
- English
- Arabic
- Chinese
- French
- Russian
- Spanish