CERTCC / SSVC

Stakeholder-Specific Vulnerability Categorization
https://certcc.github.io/SSVC/

FIRST services framework #314

Open j--- opened 9 months ago

j--- commented 9 months ago

Service area 3 is about vulnerability triage for PSIRTs https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1

Service area 7.2.2 is about CSIRT vulnerability triage https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1#7-2-Service-Vulnerability-report-intake

SSVC may be in a position to be providing additional detail about these areas. I don't think we're overlapping, but if we are in fact providing additional detail to things listed in the PSIRT and CSIRT services frameworks, we should reach out to FIRST to coordinate and see if they agree and want to link to SSVC documentation for additional detail.

ahouseholder commented 9 months ago

Need to digest the services frameworks in more detail, but I could imagine one way to represent this could be to do a cross-walk table similar to what we did with Vultron and various vulnerability disclosure ISO docs:

j--- commented 9 months ago

Something like this, yes. In this case, I think we also have the opportunity to chat with the FIRST framework authors and get their feedback after we draft it.