From time-to-time, TF-CSIRT supports a range of Working Groups for the Community.  Information about current and past groups will be maintained here.

1. Reference Security Incident Taxonomy Working Group

Following a discussion amongst the CSIRT community during the 51st TF-CSIRT meeting (15 May 2017 in The Hague, Netherlands), it was concluded that there is an urgent need for a taxonomy list and name that serves as a fixed reference for everyone. This is why ENISA and TF-CSIRT created the Reference Security Incident Taxonomy Working Group. The aim of this working group is to enable the CSIRT community in reaching a consensus on a reference taxonomy.

To join the working group, the requester should send an email to ENISA secretariat or sign up for a physical meeting during a TF-CSIRT event. In case of physical meeting, please notify in presence to the ENISA secretariat or via email the request for addition to the mailing list.

For more info visit the GitHub repository

Check the TF-CSIRT meeting page to register for the next upcoming meeting.

2. CERTS PR Working Group

CERTs’ PR Group – cooperation between PR, marketing specialists and communicators within CERT and CSIRT community! The aim of the group is to initiate and develop collaboration between CERT/CSIRT PR teams – to share experience, “know-how” best practice and information on reports, questionnaires, marketing tools, methods, upcoming events and anything that might be helpful to other colleagues. The scope of the CERTs’ PR Group encompasses all activities related to promotion of the industry, raising awareness and increasing understanding of cybersecurity. Participants are welcome to share experience, ideas and best practices on challenges faced when ensuring PR activities, among those:

  • Awareness rising and marketing campaigns
  • Education and outreach (both to the general public and public bodies)
  • Research and statistics/ data analysis
  • Events
  • Best practices and lessons learned / “tips and tricks”
  • Analysis of communications/marketing tools (including social media), trends and strategies within organisation and outside
  • Financial aspects (how much does it cost? How can we reach maximum with less resources?)
  • Crisis communication

We are a new working group and are still working on a more detailed plan and framework for cooperation. Thus far, we have:

  • Created an e-mail list to share anything important
  • Decided to have one face-to-face meeting per year during one of the TF-CSIRT Meetings
  • Decided to organise online meetings – if there is anything anyone would like to share

If you are interested or know PR, marketing and communication specialists from other CERTs and CSIRTs, who might be interested, you are welcome to join and encouraged to spread the word about the group.
Contact us:

3. CTI Working Group

This working group is being formed – more ifnformation will follow.


TF-CSIRT has previously supported working groups on:

  • RTIR – Request Tracker for Incident Response Working Group.
  • IRT – IRT Object Working Group.
  • IODEF – Incident Object Description and Exchange Format Working Group.
  • VEDEF – Vulnerability and Exploit Description and Exchange Format Working Group.
  • OAS-CICTE (Collaboration Group).
  • TF-CSIRT Futures Working Group.