FIRST Services Framework

The Services Frameworks are high level documents detailing possible services CSIRTs and PSIRTs may provide. They are developed by recognized experts from the FIRST community. FIRST strives to include feedback from all sectors, including CSIRTs with a national responsibility, private sector CSIRTs and PSIRTS as well as other stakeholders. These documents where intended to provide a foundation for the development of new training material.However today they are used in a much wider scope, e.g. when defining an initial service catalogue for new teams. These documents will be made available in English, Arabic, Chinese, French, Russian and Spanish.

In the creation of the CSIRT framework it became clear, that PSIRTs do provide quite different services and typically operate in quite different environments. It was thus decided to create a separate document covering PSIRTs. The two documents will be aligned highlighting the many similarities shared.

The development of the Frameworks is driven by the CSIRT Framework Development SIG.

Purpose

The Frameworks are to assist organizations in building, maintaining, and growing capabilities of their CSIRT or PSIRTs. The frameworks are a guide and identify various models, capabilities, services and outcomes. In this way, teams are free to implement their own model and to build capabilities that meet their Stakeholder’s unique needs. The Frameworks seek to assist SIRTs by identifying core responsibilities, providing guidance on how to build capabilities to meet those responsibilities and offering insights on how SIRT teams can add and communicate value to their larger organizations.

Status

Both documents are still being developed. Interims version are available for use and comments.

Currently the CSIRT Services Framework (PDF) is available at version 2.1. The newly addendum to it about CSIRT Roles and Competencies (PDF) is available at version 0.9 for review. The PSIRT Services Framework (PDF) at version 1.0.

FIRST Services Framework News

July 21st 2019 - The Forum of Incident Security Response Teams, Inc. (FIRST) is pleased to release the CSIRT Services Framework Version 2.0 (PDF). This version is heavily based on the lessons learned from our work on the PSIRT Services Framework and feedback received from practitioners. The volunteers contributing to took time to restructuring the previous versions to address recognized weaknesses. Because of this, we ask for feedback from all interested parties which will then become incorporated in the planned Version 2.1.

June 21st 2018 - The Forum of Incident Security Response Teams, Inc. (FIRST) is pleased to release the final Product Security Incident Response Teams (PSIRT) Services Framework (PDF) and accompanying training video course. This framework and training video course were developed by a global team of PSIRT practitioners from FIRST members and relevant subject matter experts.

See the full announcement.

The leading association of incident response and security teams released a draft of the Product Security Incident Response Teams (PSIRT) Services Framework for public input. This is a formal list of services a PSIRT may consider implementing to address the needs of their constituency. Public input is welcomed until August 31, 2017 via psirt-comments@first.org.