ENISA has published a new study that provides an overview of existing mechanisms supporting Computer Emergency Response Teams (CERTs) to deploy capabilities necessary for their operations and their maturity level.
The new study introduces these mechanisms according to the CERT maturity levels that they address, based on eight predefined criteria including requirements that CERTs must meet; CERTs’ focus: type or region; and definitions and terminology used.
Reasons for harmonisation:
As partly confirmed by direct consultations with CERTs during the study, CERTs are in need of harmonisation for the following reasons:
- Requirements and validation process: CERTs need to meet and adhere to different requirements, which is resource- and time-intensive. This would be much more effective and easier based on harmonisation across the CERT community.
- Definitions and terminology: Many terms and definitions used by CERT organisations are already similar. Harmonising core terms such as CERT (CSIRT), constituency, or incident would make these mechanisms significantly more compatible and make it easier for CERTs to subscribe to, or utilise, various mechanisms.
- CERT types (sectors): It could be beneficial for different mechanisms to harmonise their definitions of sectors that vertical-specific CERTs typically focus on, and to specify clearly various constituency types, as doing so would offer more clarity and transparency surrounding CERT activities.
- Training: Harmonisation could lead to synergies, proliferation of training opportunities for CERTs, and more opportunities for CERTs to meet and share good practices. Good progress has already taken place in this respect with several CERT organisations including ENISA and FIRST supporting TERENA’s TRANSITS training for CERTs, and ENISA producing material that actively is rolled out to CERTs on request.
For the full ENISA report: CERT community - Recognition mechanisms and schemes