Reference Security Incident Taxonomy Working Group – RSIT WG

Published under Community Projects

Following a discussion amongst the CSIRT community during the ‘51st TF-CSIRT meeting’ (15 May 2017 in The Hague, Netherlands), it was concluded that there is an urgent need for a taxonomy list and name that serves as a fixed reference for everyone. This is why ENISA and TF-CSIRT created the ‘Reference Security Incident Taxonomy Working Group". The aim of this working group is to enable the CSIRT community in reaching a consensus on a reference taxonomy.

On January 26, 2018 ENISA published an initial report on the topic and on 26 September 2018 the Reference Security Incident Taxonomy Working Group was approved as official TF-CSIRT working group by the TF-CSIRT Steering Committee.

To become part of the working group, the requester should send an email to ENISA secretariat or sign up for a physical meeting during a TF-CSIRT event. In case of physical meeting, please notify in presence to the ENISA secretariat or via email the request for addition to the mailing list.

You may suggest additions to the taxonomy via github's pull request mechanism. These pull requests will be discussed at the next TF-CSIRT event and merged - provided they achieve group consensus. See also the Terms of Reference.

During the 2nd meeting at 53rd TF-CSIRT in Hamburg it was decided to use as starting point and use as it is for version 1.

For the latest version of the RSIT and more info on the overall activity of the working group visit the Github repository

Check the TF-CSIRT meeting page to register for the next upcoming meeting.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information