News Item

Sharing is caring: technical cooperation across CSIRTs, LE and the judiciary

In an effort to estimate the degree of maturity of the technical cooperation across national and governmental CSIRTs, law enforcement agencies (LEAs) and the judiciary when it comes down to cybercrime investigation, ENISA has prepared a report that focuses on the tools of these communities to cooperate among themselves and counter cybercrime.

Published on May 07, 2020

In particular, the ENISA Report - An overview on enhancing technical cooperation between CSIRTs and LE provides an overview of the tools currently used by the reference communities, analyses their key functionalities, and proposes technical specifications to design a shared platform that could help CSIRTs, LE and the judiciary cooperate closer and share information to respond to cyber security incidents and counter cybercrime. The report gives also some examples of cooperation between CSIRTs, LEAs and the judiciary that showcase the interactions between the different actors and the methodology and the tools used for their cooperation.

Data for this report was collected via desk research and an online survey.  

The main target audience of this report is national and governmental CSIRTs, LEAs, prosecutors, and judges as well as policy makers and professionals in this field. As expected, this ENISA report takes a standpoint that favors cross border cooperation across the EU Member States.

To enhance the cooperation across CSIRTs, LEAs and the judiciary the following recommendations have been put forward:

  • to drive efforts towards and support the development of a common platform, considering all requirements and constraints expressed by the communities;
  • to promote the use of Segregation (or separation) of Duties (SoD) matrices to  avoid overlapping duties across CSIRTs, LE and the judiciary in relation to the sharing information.
  • to consider and promote the adoption of a common digital forensics framework.
  • to assess the suitability of the EU cybersecurity certification framework for cybercrime investigation tools.

This report contributes to the implementation of the ENISA programming document 2019-2021 (Output O.4.2.2 -“Support the fight against cybercrime and collaboration between CSIRTs and law enforcement”). It leverages upon and builds further on ENISA work already carried out in the area of CSIRTs and law enforcement cooperation. Further work in this area, carried out  in 2020, is described in the ENISA programming document 2020-2022.


Further Information:

ENISA Report - An overview on enhancing technical cooperation between CSIRTs and LE

For more information on these reports, please contact: CSIRT-LE-cooperation (at)

More on ENISA’s activities in the area of CSIRTs and communities

For interviews and press questions, please contact press (at)



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies