FIRST calls for input on policy for standards development

The Forum of Incident Response and Security Teams announces a public request for comments on a draft policy to guide cyber security standardization within its working groups.

8th June 2017 – Forum of Incident Response and Security Teams (FIRST), the leading association of security and incident response teams, is soliciting comments on a policy for standards development.

For over a decade, FIRST has contributed to standards development in cyber security, both with feedback to external standards bodies, and through its own standards development. Starting in 2005, FIRST took custodianship of the Common Vulnerability Scoring System (CVSS), a robust and powerful scoring system for IT vulnerabilities that allows organizations to prioritize them across their networks.

More recently, FIRST initiated Special Interest Groups (SIG) of community members who contribute to the development of three major information sharing standards:

  • The Traffic Light Protocol (TLP), a set of designations used to ensure that sensitive information is shared with the appropriate audience;
  • The Information Exchange Policy (IEP), a framework for defining information exchange policy, and a set of common definitions for the most common policy aspects. It addresses information exchange challenges and promotes information exchange more broadly;
  • Passive DNS exchange, prescribing a common output format for Passive DNS servers.

In order to help govern the development of these standards and ensure they are best placed to contribute to a wide community, FIRST has initiated development of a policy to help guide its current and future standards groups.

The policy defines elements such as how standards are agreed upon, how common terminology is maintained across standards, and how to deal with non-consensus proposals. It also implements a uniform approach to Intellectual Property Rights management, ensuring FIRST standards remain free for implementation and unencumbered by patent restrictions.

“Our goal with this public call for input is to gather input from as many groups as possible to craft guidelines that best proactively address issues FIRST members may experience while adopting a FIRST standard,” says Maarten Van Horenbeeck, Board member of FIRST. Information will be collected by the FIRST secretariat, and a final version is intended to be published by August.

FIRST welcomes input from the wider community on its policy document. Interested parties are invited to review the document and provide input prior to July 8th, 2017:

The document can be downloaded here.
E-mail responses to by July 8th, 2017


Founded in 1990, the Forum of Incident Response and Security Teams (FIRST) consists of internet emergency response teams from more than 360 corporations, government bodies, universities and other institutions across 78 countries in the Americas, Asia, Europe, Africa, and Oceania. It promotes cooperation among computer security incident response teams. For more information, visit:

Media Contacts

Harry Saunders
Four Communications
Tel: +44 (0)20 3697 4329