Standards

In order to improve the interoperability of incident response teams, FIRST actively works to help our members standardize incident response processes and activities. We do so by contributing to external standards efforts where possible, and where no such initiatives exist, allow our members to develop and publish standards within the organization.

FIRST Standards

FIRST members are encouraged to initiate Special Interest Groups to develop standards that increase interoperability between security and incident response teams. SIGs are chartered based on an initial charter submitted by the interested parties. Below is a list of current standards maintained by FIRST SIGs.

• CVSS: Common Vulnerability Scoring System

  FIRST maintains the Common Vulnerability Scoring System, an open framework for communicating the characteristics and severity of software vulnerabilities.

  • English
    • v3.1 HTML
    • v3.1 PDF Format

• TLP: Traffic Light Protocol

  FIRST maintains a TLP SIG governing the definition of the Traffic Light Protocol, a standard intended to facilitate greater sharing of sensitive information.

  
  

  • TLP v2.0 - English
    • PDF Format (A4)
    • PDF Format (Letter)
    • RTF Format
  • TLP v2.0 - Brazilian Portuguese
    • PDF Format (A4)
    • RTF Format
  • TLP v2.0 - Chinese
    • PDF Format (A4)
    • RTF Format
  • TLP v2.0 - Czech
    • PDF Format (A4)
    • RTF Format
  • TLP v2.0 - Dutch
    • PDF Format (A4)
    • RTF Format
  • TLP v2.0 - French
    • PDF Format (A4)
    • RTF Format
  • TLP v2.0 - Greek
    • v2.0 PDF Format (A4)
    • v2.0 RTF Format
  • TLP v2.0 - Japanese
    • PDF Format (A4)
    • RTF Format
  • TLP v2.0 - Norwegian
    • PDF Format (A4)
    • RTF Format
  • TLP v2.0 - Romanian
    • PDF Format (A4)
    • RTF Format
  • TLP v2.0 - Spanish
    • PDF Format (A4)
    • RTF Format
  • TLP v2.0 - Swedish
    • PDF Format (A4)
    • RTF Format
      
      
  • TLP v1.0 (Deprecated August 2022)

• CSIRT Services Framework

  The Services Frameworks are high-level documents detailing possible services that computer incident response teams (CSIRTs) and product incident response teams (PSIRTs) may provide.

  • English
    • v2.1 HTML
    • v2.1 PDF Format
    • v2.0 PDF Format
    • v1.1.1 PDF Format
    • v1.1 PDF Format
      
      
  • Addendum
    CSIRT Roles and Competencies
    • v0.9.0 PDF Format
  • Chinese
    • v2.1 PDF Format
  • French
    • v2.1 PDF Format
  • Spanish
    • v2.1 PDF Format
  • Japanese
    • v2.1 PDF Format
    • v1.1 PDF Format
  • Russian
    • v2.1 PDF Format

• PSIRT Services Framework

  The Services Frameworks are high-level documents detailing possible services that computer incident response teams (CSIRTs) and product incident response teams (PSIRTs) may provide.

  • English
    • PSIRT Maturity, HTML
    • PSIRT Maturity, PDF Format
    • v1.1 HTML
    • v1.1 PDF Format
    • v1.0 HTML
    • v1.0 PDF Format
  • Chinese
    • v1.1 PDF Format
  • French
    • v1.1 PDF Format
  • Spanish
    • v1.1 PDF Format
  • Japanese
    • PSIRT Maturity, PDF Format
    • v1.1 PDF Format
  • Russian
    • v1.1 PDF Format

• Information Exchange Policy

  FIRST maintains the IEP SIG governing the Information Exchange Policy, an extensible information exchange policy framework intended for automating the exchange of security and threat information.

  • English
    • v1.0 HTML
    • v1.0 PDF Format

• Passive DNS

  FIRST maintains a common output format for Passive DNS servers, which clients can query. The standard proposes a common output format to make passive DNS information more universally usable.

• Exploit Prediction Scoring System (EPSS)

  The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for predicting when software vulnerabilities will be exploited. The goal of this effort is to assist network defenders in better prioritizing vulnerability remediation efforts and defend their networks.

FIRST contributions to external standards bodies

Where existing standards are in development, FIRST works to create opportunities for its members to participate in other standards bodies. Standards bodies in which FIRST participates on behalf of its membership are ISO and ITU.

International Organization for Standardization (ISO)

FIRST established a number Category C liaison relationship with ISO/IEC JTC 1/SC 27. The relationship is established with Working Group 3 (WG3) and WG4. Damir Rajnovic (gaus@first.org) is appointed as a liaison officer. You can read more about SC 27 activities at SC 27 home page.

The list of all standards that are developing within JTC 1/SC 27 are visible here.

Currently Vendor SIG is actively working and/or monitoring the following ISO activities:

Further information on ISO related activities can be found at: ISO activities page (FIRST members only).

ITU Telecommunication Standardization Sector (ITU-T)

FIRST maintains a sector membership with ITU. In particular FIRST is focused in the work done within Study Group 17, Question 4 (SG17/Q4). Study Group 17 is working on recomendations related to security while Question 4 is focused on Cybersecurity. Damir Rajnovic (gaus.rajnovic@eu.panasonic.com) is appointed as a liaison officer.

The main piece of work within Q4, in 2009-2012 study period, is centered around CYBEX framework. FIRST is contributing its CVSS as one of the components to the CYBEX framework. In addition to CVSS, FIRST is offering combined expertise of its members as a unique source of expertise in handling computer and computer related incident.

FIRST is also investigating how to work with ITU-T to further goals of Resolution 58 Encourage the creation of national computer incident response teams, particularly for developing countries.

More information on on CYBEX related activities can be found at ITU-T SG17/Q4 CYBEX Framework.