In order to improve the interoperability of incident response teams, FIRST actively works to help our members standardize incident response processes and activities. We do so by contributing to external standards efforts where possible, and where no such initiatives exist, allow our members to develop and publish standards within the organization.
FIRST members are encouraged to initiate Special Interest Groups to develop standards that increase interoperability between security and incident response teams. SIGs are chartered based on an initial charter submitted by the interested parties. Below is a list of current standards maintained by FIRST SIGs.
FIRST maintains a TLP SIG governing the definition of the Traffic Light Protocol, a standard intended to facilitate greater sharing of sensitive information.
FIRST maintains the Common Vulnerability Scoring System, an open framework for communicating the characteristics and severity of software vulnerabilities.
FIRST maintains a common output format for Passive DNS servers, which clients can query. The standard proposes a common output format to make passive DNS information more universally usable.
Where existing standards are in development, FIRST works to create opportunities for its members to participate in other standards bodies. Standards bodies in which FIRST participates on behalf of its membership are ISO and ITU.
FIRST established a number Category C liaison relationship with ISO/IEC JTC 1/SC 27. The relationship is established with Working Group 3 (WG3) and WG4. Damir Rajnovic (firstname.lastname@example.org) is appointed as a liaison officer. You can read more about SC 27 activities at SC 27 home page.
The list of all standards that are developing within JTC 1/SC 27 are visible here.
Currently Vendor SIG is actively working and/or monitoring the following ISO activities:
Further information on ISO related activities can be found at: ISO activities page (FIRST members only).
FIRST maintains a sector membership with ITU. In particular FIRST is focused in the work done within Study Group 17, Question 4 (SG17/Q4). Study Group 17 is working on recomendations related to security while Question 4 is focused on Cybersecurity. Damir Rajnovic (email@example.com) is appointed as a liaison officer.
The main piece of work within Q4, in 2009-2012 study period, is centered around CYBEX framework. FIRST is contributing its CVSS as one of the components to the CYBEX framework. In addition to CVSS, FIRST is offering combined expertise of its members as a unique source of expertise in handling computer and computer related incident.
FIRST is also investigating how to work with ITU-T to further goals of Resolution 58 Encourage the creation of national computer incident response teams, particularly for developing countries.
More information on on CYBEX related activities can be found at ITU-T SG17/Q4 CYBEX Framework.