The Sector CSIRT Framework: Developing Sector-Based Incident Response Capabilities

The U.S. Department of State, Office of the Coordinator for Cyber Issues commissioned the Software Engineering Institute (SEI) to create the Sector CSIRT Framework for (1) developing a sector-based computer security incident response and coordination capability and (2) integrating this capability into a larger national cybersecurity ecosystem as applicable. The framework is a guide for helping interested parties develop the policies, processes, and procedures necessary to operationalize a sector Computer Security Incident Response Team (CSIRT), a uniquely adapted, specialized incident response team.

The framework outlines a process that moves the sector CSIRT from concept to reality. The framework helps the team developing the sector CSIRT understand the current conditions of incident response in the sector (i.e., the as-is state) and how to move it to a robust operating state (i.e., the to-be state). It bridges the gap between these two states using a well-defined roadmap and implementation process.

The Sector CSIRT Framework is intended for individuals and organizations—including CSIRT managers, national CSIRTs, and others—who are developing or implementing a sector CSIRT. Using this framework, these individuals or organizations can move a sector CSIRT from a concept to the reality of a fully operational team.