Annex I Network Information System (NIS) Requirements and Tasks of Computer Security Incident Response Teams (CSIRTs)

The requirements and tasks of CSIRTs shall be adequately and clearly defined and supported by national policy and/or regulation. They shall include the following:

      1. Requirements for CSIRTs:
        1. CSIRTs shall ensure a high level of availability of their communications services by avoiding single points of failure and shall have several means for being contacted and for contacting others at all times. Furthermore, the communication channels shall be clearly specified and well known to the constituency and cooperative partners.
        2. CSIRTs’ premises and the supporting information systems shall be located in secure sites.
        3. Business continuity:
          1. CSIRTs shall be equipped with an appropriate system for managing and routing requests, in order to facilitate handovers.
          2. CSIRTs shall be adequately staffed to ensure availability at all times.
          3. CSIRTs shall rely on an infrastructure the continuity of which is ensured. To that end, redundant systems and backup working space shall be available.
        4. CSIRTs shall have the possibility to participate, where they wish to do so, in international cooperation networks.
      2. CSIRTs’ tasks:
        1. CSIRTs’ tasks shall include at least the following:
          1. monitoring incidents at a national level;
          2. providing early warning, alerts, announcements and dissemination of information to relevant stakeholders about risks and incidents;
          3. responding to incidents;
          4. providing dynamic risk and incident analysis and situational awareness;
          5. participating in the CSIRTs network.
        2. CSIRTs shall establish cooperative relationships with the private sector.
        3. To facilitate cooperation, CSIRTs shall promote the adoption and use of common or standardised practices for:
          1. incident and risk-handling procedures;
          2. incident, risk and information classification schemes.