The Services Frameworks are high level documents detailing possible services CSIRTs and PSIRTs may provide. They are developed by recognized experts from the FIRST community. FIRST strives to include feedback from all sectors, including CSIRTs with a national responsibility, private sector CSIRTs and PSIRTS as well as other stakeholders. These documents where intended to provide a foundation for the development of new training material.However today they are used in a much wider scope, e.g. when defining an initial service catalogue for new teams. These documents will be made available in English, Arabic, Chinese, French, Russian and Spanish.
In the creation of the CSIRT framework it became clear, that PSIRTs do provide quite different services and typically operate in quite different environments. It was thus decided to create a separate document covering PSIRTs. The two documents will be aligned highlighting the many similarities shared.
The development of the Frameworks is driven by the Education Advisory Board.
The Frameworks are to assist organizations in building, maintaining, and growing capabilities of their CSIRT or PSIRTs. The frameworks are a guide and identify various models, capabilities, services and outcomes. In this way, teams are free to implement their own model and to build capabilities that meet their Stakeholder’s unique needs. The Frameworks seek to assist SIRTs by identifying core responsibilities, providing guidance on how to build capabilities to meet those responsibilities and offering insights on how SIRT teams can add and communicate value to their larger organizations.
Both documents are still being developed. Interims version are available for use and comments.
14 June 2017 - The Forum of Incident Security Response Teams, Inc. (FIRST) is pleased to release the initial Product Security Incident Response Teams (PSIRT) Services Framework (PDF) for public input. This framework was developed by a global team of PSIRT practitioners from FIRST members and relevant subject matter experts. Development of this initial framework for public input is consistent with FIRST’s goal of producing a framework that is reflective of broad community input and support. FIRST will be accepting comments on the framework through August 31, 2017. Comments are currently being ajudicated into the framework.
See the full announcement for more information and details on how to submit comments.
19 May 2017 - The Forum of Incident Response and Security Teams, Inc. (FIRST) today publishes an update to its CSIRT Services Framework. This is an important milestone on the way to a complete and consistent description of services provided CSIRTs. The new CSIRT Services Framework Version 1.1 (PDF) enhances the original version published last year.