The U.S. Department of State, Office of the Coordinator for Cyber
Issues commissioned the Software Engineering Institute (SEI) to create
the Sector CSIRT Framework for (1) developing a sector-based computer
security incident response and coordination capability and (2)
integrating this capability into a larger national cybersecurity
ecosystem as applicable. The framework is a guide for helping interested
parties develop the policies, processes, and procedures necessary to
operationalize a sector Computer Security Incident Response Team
(CSIRT), a uniquely adapted, specialized incident response team. The
framework outlines a process that moves the sector CSIRT from concept to
reality. The framework helps the team developing the sector CSIRT
understand the current conditions of incident response in the sector
(i.e., the as-is state) and how to move it to a robust operating state
(i.e., the to-be state). It bridges the gap between these two states
using a well-defined roadmap and implementation process.
The Sector CSIRT Framework is intended for individuals and
organizations—including CSIRT managers, national CSIRTs, and others—who
are developing or implementing a sector CSIRT. Using this framework,
these individuals or organizations can move a sector CSIRT from a
concept to the reality of a fully operational team.
Publisher Statement
This material is based upon work funded and supported by the Department of State under Contract No.FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. This report was prepared for the SEI Administrative Agent AFLCMC/AZS 5 Eglin Street Hanscom AFB, MA
01731-2100 NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.Date
2021-06-28Copyright Statement
Copyright 2021 Carnegie Mellon University
Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works. External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.
* These restrictions do not apply to U.S. government entities. Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM21-0108