Computer Security Incident Response Team (CSIRT) services roles and competencies

Abstract

This standard document aims to extend the existing FIRST CSIRT Services Framework. It helps to clarify the needs and requirements for CSIRT roles and will enable the quick(er) and more consistent writing of role descriptions. In addition it provides a clear overview of specific competencies that are important in handling the functions and tasks related to specific services provided. The CSIRT Services Roles and Competencies supplemental document was developed using the original version of the NIST NICE Framework. For the initial task of the mapping roles to the FIRST CSIRT Services Framework services and functions, the SIG used work roles and tasks where appropriate, and competencies rather than the lower-level KSAs, which may be addressed later. For each CSIRT services area the applicable roles are listed in alphabetical order and described in more detail.