National/governmental CERTs - Baseline Capabilities

National/governmental CERTs (n/g CERTs) are teams that serve the government of a country by helping to protect the critical information infrastructure. N/g CERTs play a key role in coordinating incident management with the relevant stakeholders at national level. They also bear responsibility for cooperation with the national and governmental teams in other countries.

Published under CSIRT Capabilities

ENISA's goal is to continuously support the Member States in enhancing and strengthening the cooperation among n/g CSIRTs in order to achieve a powerful incident response when it is needed.

Baseline Capabilities

These documents constitute a very first attempt to define a minimum set of capabilities that a Computer Emergency Response Team (CERT) in charge of protecting critical information infrastructure (CIIP) in the Member States should possess to take part and contribute to a sustainable cross-border information sharing and cooperation.

The key obstacle to cross-border cooperation and incident response that we have identified in recent years is the diversity of capabilities across Member States.

Four baseline capabilities were therefore identified and remain the focus of our research and continuous work: mandate & strategy; service portfolio; operational and cooperation capabilities.

Harmonisation of ENISA n/g CSIRT capabilities scheme and good practice for ICS CSIRT capabilities

In 2013 we assess the level of compliance of n/g CSIRT baseline capabilities set developed by ENISA with other similar schemes and provide a report on harmonisation in areas like terminology, definitions, validation processes or requirements. The second part of this project is dedicated to explore CSIRT good practices for Industrial Control Systems.

For further information please contact:

Baseline capabilities of n/g CSIRTs - Status Report 2012

This document will familiarise the reader with the current situation in Europe with regards to the n/g CERT's capabilities, and how these capabilities are deployed. More...

The updated map of n/g CSIRTs is available here.

Baseline capabilities of n/g CSIRTs - Updated Recommendations 2012

This document lists updated set of recommendations on gaps and shortcomings identified in the Status Report 2012. The number of gaps and shortcomings that still need to be addresssed in order for n/g CSIRTs to fully meet their baseline capabilities are outlined in along with recommendations on how to address them.More...

Baseline capabilities of n/g CSIRTs initial drafts

Part 1 Operational aspects

The first part (2009) was derived from the answers to a survey ENISA carried out among all 120+ publicly listed  CSIRTs in Europe.

This part mainly aims at CSIRT managers and staff members, and have an operational/technical nature and have been very well accepted by the CSIRT community. More...

Part 2 Policy Recommendations 2010

The second part was drafted in 2010. ENISA made further improvements and presents a set of policy recommendations on baseline capabilities of n/g CSIRTs. The document takes into account recommendations by internationally recognised centres of expertise and draws upon the experience and effective practice of existing CSIRTs.

This second part aims mainly at supporting policy- and decision-makers in the EU member states in the establishment of a suitable framework that will enable their n/g CSIRTs to operate properly, by shedding a light on policy requirements and experiences in the Member States and also by providing some background information on the operations of CSIRTs so that their requirements and needs are understood better. More...


12/2009: Part 1 (Operational Aspects) – initial draft, based on a survey among 120+ European CERTs

12/2010: Part 2 (Policy Recommendations) - initial draft for policy recommendations

10/2012: Deployment of baseline capabilities of n/g CERT - Status Report

10/2012: Baseline capabilities of n/g CERT - Updated Recommendations

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more