Software Engineering Institute

A national computer security incident response team (CSIRT) serves a unique role in protecting and defending its country or economy from cybersecurity incidents that can have an impact on national or economic security and public safety. It serves as a center of technical capability for the prevention, detection, and response coordination of cybersecurity incidents.

Over the past thirty years, more than 130 national CSIRTs have been established. Also, during this time, organizations have produced various documents and resources that address best practices for creating and managing CSIRTs, including national CSIRTs. However, because of differences in culture, economics, and government structure, the organization and responsibilities of national CSIRTs vary among countries and economies. Such differences include how many national CSIRTs serve a country, where they are located, who their constituencies are, and the nature of their services and responsibilities. With so many variables, how is it possible to ensure the sustainability and success of a national CSIRT?

This document can be used in conjunction with existing resource materials to help you prioritize efforts for developing or enhancing your own national CSIRT.