This document complies with RFC 2350.
This is version 1.6 as of March 1, 2018.
This profile is kept current in the location specified in section 1.3.
Email notification of updates is sent to Cisco CSIRT management and investigators.
Please send questions about updates to the Cisco CSIRT team email address: csirt-notify@cisco.com.
The current version of this profile is available at
https://www.cisco.com/c/en/us/about/security-center/computer-security-incident-response-team-csirt.html
Full name: Cisco Computer Security Incident Response Team
Short name: Cisco CSIRT
Cisco CSIRT
Cisco Systems, Inc.
7025 Kit Creek Road
Research Triangle Park, NC 27709
United States
Cisco CSIRT is globally dispersed, providing 24-hour incident response. Main offices are in U.S./Eastern (UTC/GMT -5 hours, Eastern Standard Time (EST)) and U.S./Pacific (UTC/GMT -8 hours, Pacific Standard Time (PST)).
Cisco CSIRT emergency telephone number: +1-408-527-3227
Cisco CSIRT regular telephone number: +1-408-527-3227
Not applicable.
Not applicable.
Incident reports, including but not limited to copyright issues, spam, and abuse, can be sent to csirt-notify@cisco.com.
Please encrypt sensitive email with the Cisco CSIRT PGP key and send to csirt-notify@cisco.com.
Please sign messages with a key that can be verified by public key servers.
Because all Cisco CSIRT investigators can read email encrypted with the csirt-notify@cisco.com key, individuals can use it if they cannot find a key for a specific Cisco CSIRT member.
No public information is provided about Cisco CSIRT members.
For additional information about Cisco CSIRT, see https://sec.cloudapps.cisco.com/security/center/emergency.x?i=56.
Cisco CSIRT is listed by the Trusted Introducer (TI) for CERTs in Europe:
https://www.trusted-introducer.org/directory/teams/cisco-csirt.html
Cisco CSIRT is a member of the Forum of Incident Response and Security Teams (FIRST); see http://www.first.org/members/teams/cisco_systems for details.
The preferred method for contacting Cisco CSIRT is email.
The Cisco CSIRT hours of operation are generally restricted to regular business hours, or 9 a.m. to 5 p.m. EST/EDT (0900 to 1700) Monday through Friday except U.S. public holidays.
For full contact details, see https://sec.cloudapps.cisco.com/security/center/emergency.x?i=56.
Cisco CSIRT forms part of the investigative branch of the Cisco Security and Trust Organization, and provides proactive threat analysis, incident detection, and coordinated incident response.
The primary mission of Cisco CSIRT is to review security architecture, establish incident management procedures for collecting incident data, enable efficient recovery from security incidents, prevent or minimize disruption of critical computing services, and facilitate cooperation and information exchange among cross-functional groups that are responsible for security incident remediation.
Cisco CSIRT helps protect Cisco employees, business partners, and Cisco-owned businesses.
Cisco CSIRT is a global team of analysts, investigators, and engineers that serve the IT, business, and engineering organizations within Cisco, and more specifically, the Chief Security Officer (CSO) and the company senior management team, to help protect Cisco information assets.
Cisco CSIRT coordinates, investigates, and remediates security incidents at the direction of the Cisco CSO, and within the framework defined by Cisco HR and Cisco Legal.
All incidents are considered normal priority unless they are labeled EMERGENCY.
All incoming information is handled confidentially by Cisco CSIRT, regardless of its priority.
When reporting a sensitive incident, please state so explicitly (for example, by using the label SENSITIVE in the subject field of email) and, if possible, use encryption as well.
Cisco CSIRT supports the Information Sharing Traffic Light Protocol (ISTLP; see https://www.first.org/tlp/docs/tlp-v1.pdf). Information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.
See section 2.8. In cases that involve sensitive information, use of PGP/GnuPG is highly recommended.
Cisco CSIRT can assist system administrators in handling the technical and organizational aspects of computer security incidents.
Cisco CSIRT collaborates with FIRST, the National Safety Information Exchange (NSIE), the Defense Security Information Exchange (DSIE), and the DNS Operations Analysis and Research Center (DNS-OARC).
Not available; please report using encrypted email.
This document is part of the Cisco Security portal. Cisco provides the official information contained on the Cisco Security portal in English only.
This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document without notice at any time.