Computer Security Incident Response Team

1. Document Information

This document complies with RFC 2350.

1.1. Date of Last Update

This is version 1.6 as of March 1, 2018.

1.2. Distribution List for Notifications

This profile is kept current in the location specified in section 1.3.

Email notification of updates is sent to Cisco CSIRT management and investigators.

Please send questions about updates to the Cisco CSIRT team email address:

1.3. Locations where this Document May Be Found

The current version of this profile is available at

2. Contact Information

2.1. Name of the Team

Full name: Cisco Computer Security Incident Response Team
Short name: Cisco CSIRT

2.2. Address

Cisco Systems, Inc.
7025 Kit Creek Road
Research Triangle Park, NC 27709
United States

2.3. Time Zone

Cisco CSIRT is globally dispersed, providing 24-hour incident response. The main offices are in U.S./Eastern (UTC/GMT -5 hours, Eastern Standard Time, EST) and U.S./Pacific (UTC/GMT -8 hours, Pacific Standard Time, PST).

2.4. Telephone Number

Cisco CSIRT emergency telephone number: +1-408-527-3227
Cisco CSIRT regular telephone number: +1-408-527-3227

2.5. Facsimile Number

Not applicable.

2.6. Other Telecommunication

Not applicable.

2.7. Electronic Mail Address

Incident reports, including but not limited to copyright issues, spam, and abuse, can be sent to

2.8. Public Keys and Encryption Information

Please encrypt sensitive email with the Cisco CSIRT PGP key and send to

Please sign messages with a key that can be verified by public key servers.

Because all Cisco CSIRT investigators can read email encrypted with the key, individuals can use it if they cannot find a key for a specific Cisco CSIRT member.

2.9. Team Members

No public information is provided about Cisco CSIRT members.

2.10. Other Information

For additional information about Cisco CSIRT, see

Cisco CSIRT is listed by the Trusted Introducer (TI) for CERTs in Europe:

Cisco CSIRT is a member of Forum of Incident Response and Security Teams (FIRST); see for details.

2.11. Points of Customer Contact

The preferred method for contacting Cisco CSIRT is email.

The Cisco CSIRT hours of operation are generally restricted to regular business hours, or 9 a.m. to 5 p.m. EST/EDT (0900 to 1700) Monday through Friday except U.S. public holidays.

For full contact details, see

3. Charter

3.1. Mission Statement

Cisco CSIRT forms part of the investigative branch of the Cisco Security and Trust Organization, and provides proactive threat analysis, incident detection, and coordinated incident response.

The primary mission of Cisco CSIRT is to review security architecture, establish incident management procedures for collecting incident data, enable efficient recovery from security incidents, prevent or minimize disruption of critical computing services, and facilitate cooperation and information exchange among cross-functional groups that are responsible for security incident remediation.

3.2. Constituency

Cisco CSIRT helps protect Cisco employees, business partners, and Cisco-owned businesses.

3.3. Sponsorship and/or Affiliation

Cisco CSIRT is a global team of analysts, investigators, and engineers that serve the IT, business, and engineering organizations within Cisco, and more specifically, the Chief Security Officer (CSO) and the company senior management team, to help protect Cisco information assets.

3.4. Authority

Cisco CSIRT coordinates, investigates, and remediates security incidents at the direction of the Cisco CSO, and within the framework defined by Cisco HR and Cisco Legal.

4. Policies

4.1. Types of Incidents and Level of Support

All incidents are considered normal priority unless they are labeled EMERGENCY.

4.2. Co-operation, Interaction, and Disclosure of Information

All incoming information is handled confidentially by Cisco CSIRT, regardless of its priority.

When reporting a sensitive incident, please state so explicitly (for example, by using the label SENSITIVE in the subject field of email) and, if possible, use encryption as well.

Cisco CSIRT supports the Information Sharing Traffic Light Protocol (ISTLP; see Information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.

4.3. Communication and Authentication

See section 2.8. In cases that involve sensitive information, use of PGP/GnuPG is highly recommended.

5. Services

5.1. Incident Response (Triage, Coordination, and Resolution)

Cisco CSIRT can assist system administrators in handling the technical and organizational aspects of computer security incidents.

5.2. Proactive Activities

Cisco CSIRT collaborates with FIRST, the National Safety Information Exchange (NSIE), the Defense Security Information Exchange (DSIE), and the DNS Operations Analysis and Research Center (DNS-OARC).

6. Incident Reporting Forms

Not available; please report using encrypted email.


This document is part of the Cisco Security portal. Cisco provides the official information contained on the Cisco Security portal in English only.

This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document without notice at any time.
