Education Program: Services Framework

FIRST publishes an update to its CSIRT Services Framework as version 1.1

19 May 2017 - The Forum of Incident Response and Security Teams, Inc. (FIRST) today publishes an update to its CSIRT Services Framework. This is an important milestone on the way to a complete and consistent description of services provided CSIRTs. The new CSIRT Services Framework Version 1.1 (PDF) enhances the original version published last year.

FIRST publishes Security Incident Response Teams (SIRTs) Services Framework Version 1.0 and commits to developing training content to support it

30 March 2016 - The Forum of Incident Response and Security Teams, Inc. (FIRST) has announced publication of the SIRT Services Framework Version 1.0. This initial release provides an update on the services provided by Security Incident Response Teams and was developed in collaboration with experts from 25 countries across 6 continents.

The Framework is an important step towards FIRST’s goal to develop, with the help of the global security community, a formal education and training program to advance the skills of SIRTs around the world. Thanks to a donation by the International Telecommunications Union (ITU), the Framework is now in the process of being translated into Arabic, Chinese, French, Russian, and Spanish.

FIRST is extremely grateful to our members and other experts for their contribution and help in developing the Framework. We believe version 1.0 is a much needed resource for the CSIRT community and we have committed significant resources to mature the framework and develop training content to support it. Our goal remains to engage with the global incident response community to advance our collective capabilities and improve performance.

Margrete Raaum, President of FIRST

As a next step, FIRST will work to include guidance in the framework for the development and maturity of services for Product Security Incident Response Teams (PSIRTs) and regional CSIRTs. In addition, this update will also fully define tasks and sub-tasks to implement individual actions in the services framework. FIRST will continue to engage the security community in the refinement of this update.

Members of the incident response community can get involved by contacting the FIRST Education Program at

FIRST develops framework for education curriculum for global Computer Security Incident Response Teams (CSIRTs)

15 May 2015 - The Forum of Incident Response and Security Teams (FIRST) has announced its intention to develop an education program for CSIRTs around the world with the help of the global security community. The development of the curriculum will be a collaborative effort convened by FIRST which starts today with the online publication of a draft "CSIRT Services Framework"; FIRST is asking for community input on this list of services a CSIRT is likely to provide and for which training may be required.

FIRST has already hosted two community summits, both in the US and in the UK, to gather feedback on curriculum needs and the services a CSIRT team may deliver to its constituency. These have involved CSIRT participants from national bodies and from educational communities of 15 countries across 6 continents. The services framework list being published today is the first result of their collaboration.

Maarten Van Horenbeeck, President of FIRST says, "Countries are increasingly recognizing the importance of incident response teams in the fight against cyber-crime and the need for collaboration across borders. Our intention is to complement the excellent training that already exists for individuals with an education program that helps enhance and develop team capability to improve performance and, critically, collaboration. We will develop this curriculum with the input of the incident response community to ensure it addresses real needs and adds value where it is needed the most."

"By publishing the "CSIRT services framework" for public comment, we hope to garner high-quality comments and insights from stakeholders around the world that will then act as the basis of a wide-ranging training curriculum."

A third community summit is being held at the 27th Annual FIRST Conference taking place this June in Berlin, where a broader cross-section of stakeholders including private sector will have the opportunity to provide input.

Members of the incident response community can get involved by sharing their views on the CSIRT services list published here by Friday, May 15 2015. Please add comments to the FIRST CSIRT Services Framework - Comment Matrix provided here and send to