Best Practices for Establishing a National CSIRT by the Organisation of American States (OAS)

A Computer Security Incident Response Team (CSIRT) is an organization whose primary purpose is to provide information security incident response services to a particular community. Several types of CSIRTs are analyzed in this guide, including National-level CSIRTs, which respond to incidents at the nation-state level. This guide discusses the process of managing a project for the creation and deployment of a National CSIRT, including the approaches and considerations necessary to define its constitution, mission, vision, scope, services, and timeframe, as well as its legal and institutional or organizational aspects. This includes an examination of the human resource requirements – both in terms of hiring and continued training – necessary to staff a national incident response team.

The guide also outlines detailed descriptions of infrastructure, covering hardware, software, and technical procedures. Finally, it analyzes different policies and procedures necessary for fluid CSIRT operation. In this regard, the guide reviews and highlights elements of existing CSIRT frameworks such as those developed by ENISA and GÉANT. Guidelines for membership and participation in certain international bodies, such as the Forum of Incident Response and Security Teams (FIRST), are also discussed.