CERT

TECHNICAL DEFINITION

A Computer Emergency Response Team (CERT) is a specialized cybersecurity entity, often government-affiliated or organizational, responsible for incident handling, vulnerability analysis, threat intelligence dissemination, and proactive security measures to mitigate cyber risks and aid in recovery for national infrastructure or specific sectors.

BACKGROUND

The United States Computer Emergency Readiness Team (US-CERT) was a team under the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security.

SYNONYMS & ALIASES

• CSIRT
• CIRT
• Incident Response Team
• Cyber Incident Response Team
• Security Operations Center

USAGE NOTE

CERTs are crucial in national and organizational cybersecurity frameworks, coordinating responses to significant cyber incidents and sharing vital threat intelligence.

DEVELOPERS

Organizations developing technology related to CERT.

• CERT Coordination Center (CERT/CC)

  The original Computer Emergency Response Team, based at Carnegie Mellon University's Software Engineering Institute (SEI). CERT/CC researches security vulnerabilities, develops security tools, and provides incident response services and information to the public.

• CISA (Cybersecurity and Infrastructure Security Agency)

  Within the U.S. Department of Homeland Security, CISA operates US-CERT, which serves as the national hub for cyber security information and incident response. They develop and disseminate alerts, advisories, and tools to help prevent and respond to cyber incidents.

• ENISA (European Union Agency for Cybersecurity)

  ENISA works to achieve a high common level of cybersecurity across the Union. It supports Member States and EU institutions in building and strengthening their CSIRTs (Computer Security Incident Response Teams), developing methodologies, tools, and best practices for incident handling.

• BSI (Federal Office for Information Security, Germany)

  Germany's national cybersecurity authority, operating BSI-CERT. The BSI develops cybersecurity standards, products, and services, and provides incident response capabilities for federal government networks and critical infrastructures.

• NCSC (National Cyber Security Centre, UK)

  The UK's technical authority for cyber security, providing a single point of contact for the public and private sectors. The NCSC offers incident response, develops protective security technologies, and issues guidance and advisories to help organizations secure their systems.

• FIRST (Forum of Incident Response and Security Teams)

  FIRST is an international confederation of CSIRTs and CERTs. While not a direct technology developer in the commercial sense, FIRST fosters collaboration, develops common standards, and shares best practices and tools among its members, significantly influencing technology development and adoption in the incident response community.

• SANS Institute

  A leading provider of cybersecurity training, certifications, and research. SANS develops practical security solutions, tools, and methodologies (like the CIS Controls) widely adopted by CERTs and incident response teams globally, and runs the Internet Storm Center.

• Team Cymru

  A global leader in internet security research and threat intelligence. Team Cymru provides services and insights that directly aid CERTs and incident response teams in understanding global threats, identifying attackers, and responding to sophisticated cyberattacks.