OtherInternational (IETF)
RFC 2350 — Expectations for Computer Security Incident Response (BCP 21)
RFC 2350 (BCP 21, 1998, updated by RFC 7942) describes the expectations of the Internet community regarding Computer Security Incident Response Teams (CSIRTs). It defines what a CSIRT should communicate about itself: mission, constituency, authority, policies, services, reporting procedures, and operating procedures.
Domains
Section 5 - Services
Section 4 - Policies
Section 3 - Charter
Section 2 - Contact Information
Section 1 - Document Information
Compare RFC 2350 — Expectations for Computer Security Incident Response (BCP 21)
RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) vs ISO 27001:2022View comparison →RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) vs SOC 2View comparison →RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) vs NIST CSF 2.0View comparison →RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) vs GDPRView comparison →RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) vs HIPAAView comparison →RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) vs PCI DSS 4.0View comparison →
RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) by Industry
RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Healthcare→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Financial Services→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Technology→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Government→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Manufacturing→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Energy→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Retail→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Education→
RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) by Role
RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for CISOs→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Compliance Officers→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Risk Managers→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for IT Directors→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for DPOs→RFC 2350 — Expectations for Computer Security Incident Response (BCP 21) for Auditors→
Frequently Asked Questions
What is RFC 2350?
RFC 2350 (BCP 21, 1998, updated by RFC 7942) describes the expectations of the Internet community regarding Computer Security Incident Response Teams (CSIRTs). It defines what a CSIRT should communicate about itself: mission, constituency, authority, policies, services, reporting procedures, and operating procedures.
How many controls does RFC 2350 have?
RFC 2350 contains 18 controls organized across 5 domains.
Where does RFC 2350 apply?
RFC 2350 is applicable in International (IETF). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.
What frameworks does RFC 2350 map to?
RFC 2350 has control-to-control mappings with 493 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with RFC 2350 compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.
How ready are you for RFC 2350 — Expectations for Computer Security Incident Response (BCP 21)?
Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.