Expectations for Computer Security Incident Response
RFC 2350, “Expectations for Computer Security Incident Response”, is a Best Current Practice document published in June 1998 by N. Brownlee, E. Guttman. The canonical text is published by the RFC Editor.
Abstract
The purpose of this document is to express the general Internet community's expectations of Computer Security Incident Response Teams (CSIRTs). It is not possible to define a set of requirements that would be appropriate for all teams, but it is possible and helpful to list and describe the general set of topics and issues which are of concern and interest to constituent communities. CSIRT constituents have a legitimate need and right to fully understand the policies and procedures of 'their' Computer Security Incident Response Team. One way to support this understanding is to supply detailed information which users may consider, in the form of a formal template completed by the CSIRT. An outline of such a template and a filled in example are provided.
What “Best Current Practice” means
Documents the IETF community's recommended operational or procedural practice rather than a protocol specification.
The canonical text of RFC 2350 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 2349 TFTP Timeout Interval and Transfer Size Options
- RFC 2351 Mapping of Airline Reservation, Ticketing, and Messaging Traffic over IP
- RFC 2348 TFTP Blocksize Option
- RFC 2352 A Convention For Using Legal Names as Domain Names
- RFC 2347 TFTP Option Extension
- RFC 2353 APPN/HPR in IP Networks APPN Implementers' Workshop Closed Pages Document
- RFC 2346 Making Postscript and PDF International
- RFC 2354 Options for Repair of Streaming Media