2021_005_001_734796.pdf (1.63 MB)

The Sector CSIRT Framework: Developing Sector-Based Incident Response Capabilities.

Download (1.63 MB)

The U.S. Department of State, Office of the Coordinator for Cyber Issues commissioned the Software Engineering Institute (SEI) to create the Sector CSIRT Framework for (1) developing a sector-based computer security incident response and coordination capability and (2) integrating this capability into a larger national cybersecurity ecosystem as applicable. The framework is a guide for helping interested parties develop the policies, processes, and procedures necessary to operationalize a sector Computer Security Incident Response Team (CSIRT), a uniquely adapted, specialized incident response team. The framework outlines a process that moves the sector CSIRT from concept to reality. The framework helps the team developing the sector CSIRT understand the current conditions of incident response in the sector (i.e., the as-is state) and how to move it to a robust operating state (i.e., the to-be state). It bridges the gap between these two states using a well-defined roadmap and implementation process.

The Sector CSIRT Framework is intended for individuals and organizations—including CSIRT managers, national CSIRTs, and others—who are developing or implementing a sector CSIRT. Using this framework, these individuals or organizations can move a sector CSIRT from a concept to the reality of a fully operational team.


Publisher Statement

This material is based upon work funded and supported by the Department of State under Contract No.FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center sponsored by the United States Department of Defense. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. This report was prepared for the SEI Administrative Agent AFLCMC/AZS 5 Eglin Street Hanscom AFB, MA 01731-2100 NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. [DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.



Copyright Statement

Copyright 2021 Carnegie Mellon University Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works. External use:* This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. * These restrictions do not apply to U.S. government entities. Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM21-0108

Usage metrics