Controls

Terug naar overzicht
Version

SB.4.004 CSIRT

Crisis & Incident Response
High
High
High
Organisation
v2.0 (Q1 2024)

Description

The organization has a (contracted) CSIRT.

The CSIRT is fully mandated to respond to active threats to limit the impact of potential security incidents.

Specification

The CSIRT has an average maturity according to the SIM3 maturity model for CSIRTS of 2 or higher on each of the O, H, T and P categories (see: https://www.trusted-introducer.org/SIM3-Reference-Model.pdf).

Contact information of the CSIRT is published in the RFC2350 format.
The CSIRT maturity is reviewed annually.

CSIRT members of SURF member organisations have at a miminum followed an incident response course.

Specification

ISO

The CSIRT has an average maturity according to the SIM3 maturity model for CSIRTS of 2 or higher on each of the O, H, T and P categories (see: https://www.trusted-introducer.org/SIM3-Reference-Model.pdf).
Contact information of the CSIRT is published in the RFC2350 format.
The CSIRT maturity is reviewed annually.

NBA