1. Document Information
This document complies with RFC 2350.
1.1. Date of Last Update
This is version 1.6 as of March 1, 2018.
1.2. Distribution List for Notifications
This profile is kept current in the location specified in section 1.3.
Email notification of updates is sent to Cisco CSIRT management and investigators.
Please send questions about updates to the Cisco CSIRT team email address: email@example.com.
1.3. Locations where this Document May Be Found
The current version of this profile is available at
2. Contact Information
1. Name of the Team
Full name: Cisco Computer Security Incident Response Team
Short name: Cisco CSIRT
Cisco Systems, Inc.
7025 Kit Creek Road
Research Triangle Park, NC 27709
2.3. Time Zone
Cisco CSIRT is globally dispersed, providing 24-hour incident response. Main offices in U.S./Eastern UTC/GMT -5 hours Eastern Standard Time (EST), U.S./Pacific UTC/GMT -8 hours Pacific Standard Time (PST).
2.4. Telephone Number
Cisco CSIRT emergency telephone number: +1-408-527-3227
Cisco CSIRT regular telephone number: +1-408-527-3227
2.5. Facsimile Number
2.6. Other Telecommunication
2.7. Electronic Mail Address
Incident reports, including but not limited to copyright issues, spam, and abuse, can be sent to firstname.lastname@example.org.
2.8. Public Keys and Encryption Information
Please encrypt sensitive email with the Cisco CSIRT PGP key and send to email@example.com.
Please sign messages with a key that can be verified by public key servers.
Because all Cisco CSIRT investigators can read email encrypted with the firstname.lastname@example.org key, individuals can use it if they cannot find a key for a specific Cisco CSIRT member.
2.9. Team Members
No public information is provided about Cisco CSIRT members.
2.10. Other Information
For additional information about Cisco CSIRT, see http://tools.cisco.com/security/center/emergency.x?i=56.
Cisco CSIRT is listed by the Trusted Introducer (TI) for CERTs in Europe:
Cisco CSIRT is a member of Forum of Incident Response and Security Teams (FIRST); see http://www.first.org/members/teams/cisco_systems for details.
2.11. Points of Customer Contact
The preferred method for contacting Cisco CSIRT is email.
The Cisco CSIRT hours of operation are generally restricted to regular business hours, or 9 a.m. to 5 p.m. EST/EDT (0900 to 1700) Monday through Friday except U.S. public holidays.
For full contact details, see http://tools.cisco.com/security/center/emergency.x?i=56.
3.1. Mission Statement
Cisco CSIRT forms part of the investigative branch of the Cisco Security and Trust Organization, and provides proactive threat analysis, incident detection, and coordinated incident response.
The primary mission of Cisco CSIRT is to review security architecture, establish incident management procedures for collecting incident data, enable efficient recovery from security incidents, prevent or minimize disruption of critical computing services, and facilitate cooperation and information exchange among cross-functional groups that are responsible for security incident remediation.
Cisco CSIRT helps protect Cisco employees, business partners, and Cisco-owned businesses.
3.3. Sponsorship and/or Affiliation
Cisco CSIRT is a global team of analysts, investigators, and engineers that serve the IT, business, and engineering organizations within Cisco, and more specifically, the Chief Security Officer (CSO) and the company senior management team, to help protect Cisco information assets.
Cisco CSIRT coordinates, investigates, and remediates security incidents at the direction of the Cisco CSO, and within the framework defined by Cisco HR and Cisco Legal.
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled EMERGENCY.
4.2. Co-operation, Interaction, and Disclosure of Information
All incoming information is handled confidentially by Cisco CSIRT, regardless of its priority.
When reporting a sensitive incident, please state so explicitly (for example, by using the label SENSITIVE in the subject field of email) and, if possible, use encryption as well.
Cisco CSIRT supports the Information Sharing Traffic Light Protocol (ISTLP; see https://www.first.org/tlp/docs/tlp-v1.pdf). Information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.
4.3. Communication and Authentication
See section 2.8; In cases that involve sensitive information, use of PGP/GnuPG is highly recommended.
5.1. Incident Response (Triage, Coordination, and Resolution)
Cisco CSIRT can assist system administrators in handling the technical and organizational aspects of computer security incidents.
5.2. Proactive Activities
Cisco CSIRT collaborates with FIRST, the National Safety Information Exchange (NSIE), the Defense Security Information Exchange (DSIE), and the DNS Operations Analysis and Research Center (DNS-OARC).
6. Incident Reporting Forms
Not available; please report using encrypted email.
This document is part of the Cisco Security portal. Cisco provides the official information contained on the Cisco Security portal in English only.
This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document without notice at any time.
Back to Top