From time-to-time, TF-CSIRT supports a range of Working Groups for the Community.  Information about current and past groups will be maintained here.

1. Reference Security Incident Taxonomy Working Group

Following a discussion amongst the CSIRT community during the 51st TF-CSIRT meeting (15 May 2017 in The Hague, Netherlands), it was concluded that there is an urgent need for a taxonomy list and name that serves as a fixed reference for everyone. This is why ENISA and TF-CSIRT created the Reference Security Incident Taxonomy Working Group. The aim of this working group is to enable the CSIRT community in reaching a consensus on a reference taxonomy.

To join the working group, the requester should send an email to ENISA secretariat or sign up for a physical meeting during a TF-CSIRT event. In case of physical meeting, please notify in presence to the ENISA secretariat or via email the request for addition to the mailing list.

For more info visit the GitHub repository

Check the TF-CSIRT meeting page to register for the next upcoming meeting.

2. TF-CSIRT Futures Working Group

The aim of the working group is to discuss the potential options for a future home for TF-CSIRT and to make recommendations to the TF-CSIRT Steering Committee as to what options should be explored further and what questions should be answered for the community. The group will not consider how these requirements will be delivered.

This group is formed to collect community input. The role of the group is advisory and not decision making.

Work of the group will be in several iterations defining questions, assessing output from external consultants, narrowing down options, defining next set of questions, etc.

This working group is closed to current members only.

3. CERTS PR Working Group

This is a working group for the CERT communication specialists, serving as a platform for collaboration and sharing materials, resources, tools & methods and experience. To join the working group and the mailing list please email


TF-CSIRT has previously supported working groups on:

  • RTIR – Request Tracker for Incident Response Working Group.
  • IRT – IRT Object Working Group.
  • IODEF – Incident Object Description and Exchange Format Working Group.
  • VEDEF – Vulnerability and Exploit Description and Exchange Format Working Group.
  • OAS-CICTE (Collaboration Group).