Standards
In order to improve the interoperability of incident response teams, FIRST actively works to help our members standardize incident response processes and activities. We do so by contributing to external standards efforts where possible, and where no such initiatives exist, allow our members to develop and publish standards within the organization.
FIRST Standards
FIRST members are encouraged to initiate Special Interest Groups to develop standards that increase interoperability between security and incident response teams. SIGs are chartered based on an initial charter submitted by the interested parties. Below is a list of current standards maintained by FIRST SIGs.
FIRST maintains theCommon Vulnerability Scoring System, an open framework for communicating the characteristics and severity of software vulnerabilities.
FIRST maintains a TLP SIG governing the definition of theTraffic Light Protocol, a standard intended to facilitate greater sharing of sensitive information.
- TLP v2.0 - English
- TLP v2.0 - Brazilian Portuguese
- TLP v2.0 - Chinese
- TLP v2.0 - Czech
- TLP v2.0 - Dutch
- TLP v2.0 - French
- TLP v2.0 - Greek
- TLP v2.0 - Japanese
- TLP v2.0 - Norwegian
- TLP v2.0 - Romanian
- TLP v2.0 - Spanish
- TLP v2.0 - Swedish
- TLP v1.0 (Deprecated August 2022)
TheServices Frameworks are high-level documents detailing possible services that computer incident response teams (CSIRTs) and product incident response teams (PSIRTs) may provide.
TheServices Frameworks are high-level documents detailing possible services that computer incident response teams (CSIRTs) and product incident response teams (PSIRTs) may provide.
- English
- Chinese
- French
- Spanish
- Japanese
- Russian
FIRST maintains theIEP SIG governing theInformation Exchange Policy, an extensible information exchange policy framework intended for automating the exchange of security and threat information.
FIRST maintains acommon output format for Passive DNS servers, which clients can query. The standard proposes a common output format to make passive DNS information more universally usable.
TheExploit Prediction Scoring System (EPSS) is an open, data-driven effort for predicting when software vulnerabilities will be exploited. The goal of this effort is to assist network defenders in better prioritizing vulnerability remediation efforts and defend their networks.
FIRST contributions to external standards bodies
Where existing standards are in development, FIRST works to create opportunities for its members to participate in other standards bodies. Standards bodies in which FIRST participates on behalf of its membership are ISO and ITU.
International Organization for Standardization (ISO)
FIRST established a number Category C liaison relationship with ISO/IEC JTC 1/SC 27. The relationship is established with Working Group 3 (WG3) and WG4. Damir Rajnovic (gaus@first.org) is appointed as a liaison officer. You can read more about SC 27 activities atSC 27 home page.
The list of all standards that are developing within JTC 1/SC 27 are visiblehere.
Currently Vendor SIG is actively working and/or monitoring the following ISO activities:
- ISO 27010 - Guidance for Information Security Management for Inter-sector Communications
- ISO 27032 - Guidelines for Cybersecurity
- ISO 27035 - Information Security Incident Management
- ISO 27037 - Evidence Acquisition Procedure for Digital Forensics
- ISO 29147 - Responsible Vulnerability Disclosure
Further information on ISO related activities can be found at:ISO activities page (FIRST members only).
ITU Telecommunication Standardization Sector (ITU-T)
FIRST maintains asector membership with ITU. In particular FIRST is focused in the work done within Study Group 17, Question 4 (SG17/Q4). Study Group 17 is working on recomendations related tosecurity while Question 4 is focused onCybersecurity. Damir Rajnovic (gaus.rajnovic@eu.panasonic.com) is appointed as a liaison officer.
The main piece of work within Q4, in 2009-2012 study period, is centered aroundCYBEX framework. FIRST is contributing itsCVSS as one of the components to the CYBEX framework. In addition to CVSS, FIRST is offering combined expertise of its members as a unique source of expertise in handling computer and computer related incident.
FIRST is also investigating how to work with ITU-T to further goals ofResolution 58 Encourage the creation of national computer incident response teams, particularly for developing countries.
More information on on CYBEX related activities can be found atITU-T SG17/Q4 CYBEX Framework.
