CSIRT Framework Development SIG
The state of the art for CSIRTs could still improve considerably by extending and improving the available set of foundational frameworks and materials. The SIG will seek to involve experts interested in that work and provide a community to discuss needed improvements, existing gaps and (potential) new developments – taking into account, and collaborating where appropriate with, initiatives from within FIRST and other entities/communities aiming for similar objectives (like APCERT, ENISA, GFCE, ITU, LACNIC, OCF, OAS, TF-CSIRT, etc.).
By identifying needed materials which are not readily available from other entities, the SIG will discuss needs and gaps and decide on the way forward either by:
- Bringing in a resource for improvement work after agreement by the original authors and/or copyright owners (preferably get them on board);
- Analyzing in more detail how to fill identified gaps/issues;
- Identifying the need for a more widely consolidated effort, requiring extra means or a wider audience, and taking this up within FIRST;
- Monitoring the take-up of identified gaps and issues by other entities and communities and coordinating liaisons with such efforts;
- Taking up the (re-)drafting and publication of the CSIRT services framework should the need arise.
Goals & Deliverables
Until June 2024, the SIG aims to:
- Produce v1.0 of the addendum "CSIRT Roles and Competencies" based on the review of the CSIRT community;
- Respond to the review results of the addendum "Incident Management Team Types" by December 2023;
- Produce v1.0 of the addendum "Incident Management Team Types" by March 2024 and provide a slide deck for further use;
- Work on a significantly updated extension of the "Incident Management Team Types" document containing commonly recognized team sub-types (like "coordinating CSIRT");
- Foster liaisonships with other communities/organizations supporting CSIRT capacity/capability/maturity initiatives to improve the adoption of the CSIRT Services Framework v2.1 and the new addendum as well as the defined team types (at least: APCERT, ENISA, GFCE, ITU, LACNIC, OCF, OAS, TF-CSIRT);