Publication

Team Types Within the Context of Services Frameworks (1.0 v)

About

Publication date: 2024

Author: Forum of Incident Response and Security Teams (FIRST)

The Forum of Incident Response and Security Teams (FIRST) Services Frameworks have been developed for two primary team types: Computer Security Incident Response Teams (CSIRTs) and Product Security Incident Response Teams (PSIRTs). While there are established definitions for these teams, variations in practice and context may give slightly different meanings to these terms. In response to this, volunteers from the global community in the CSIRT Framework Development Special Interest Group (CSIRT SIG) have been working to build a shared understanding of these and other relevant terms.

Other team types, such as Security Operations Centers (SOCs) and Information Sharing and Analysis Centers (ISACs), are increasingly crucial for addressing cyber insecurity. Recognizing the need for consistent definitions, a CSIRT SIG project was initiated in 2022 to define and standardize team types that provide information security incident management capabilities, specifically CSIRTs, ISACs, PSIRTs, and SOCs. These discussions have been essential in establishing a common language for incident response.

The document, now updated to version 1.0, maps the developed and improved Services Frameworks and sets out to define these team types, focusing on their roles in handling security incidents, threats, and vulnerabilities. The current versions of both the CSIRT Services Framework and the PSIRT Services Framework are included. The frameworks aim to help teams identify and define their core service categories and provide a standardized set of terms for use across the global community.

Additionally, while this version outlines the four basic team types (CSIRTs, ISACs, PSIRTs, and SOCs), the CSIRT SIG has not yet addressed national or sectoral variants, which will be covered in future versions. The document emphasizes that while current terms like "coordinating CSIRT" and "enterprise CSIRT" remain valid, expanding the terminology too quickly could hinder discussions. Future updates will explore definitions for team sub-types based on a broader consensus.