RFC 2350 - Expectations for Computer Security Incident Response (BCP 21)
RFC 2350 (BCP 21, 1998, updated by RFC 7942) describes the expectations of the Internet community regarding Computer Security Incident Response Teams (CSIRTs). It defines what a CSIRT should communicate about itself: mission, constituency, authority, policies, services, reporting procedures, and operating procedures. The RFC established the standard template for CSIRT descriptions still used today by incident response teams worldwide. Complemented by RFC 7970 (IODEF - Incident Object Description Exchange Format), RFC 8134 (Management Incident Lightweight Exchange), and RFC 9424 (Indicators of Compromise).
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
CSIRT Identity
| Code | Title |
|---|---|
| RFCTHIRTY-1 | CSIRT Document Information, Contact, Charter |
CSIRT Operations
| Code | Title |
|---|---|
| RFCTHIRTY-2 | Constituency, Services, Operating Hours |
Policies
| Code | Title |
|---|---|
| RFCTHIRTY-4 | Policies, Disclosure, Information Sharing |
Reporting and Authentication
| Code | Title |
|---|---|
| RFCTHIRTY-3 | Incident Reporting and Authentication |
Frequently Asked Questions
What is RFC 2350 - Expectations for Computer Security Incident Response (BCP 21)?
RFC 2350 - Expectations for Computer Security Incident Response (BCP 21) is a compliance framework from International (IETF) with 4 domains and 4 controls. RFC 2350 (BCP 21, 1998, updated by RFC 7942) describes the expectations of the Internet community regarding Computer Security Incident Response Teams (CSIRTs). It defines what a CSIRT should communicate about itself: mission, constituency, authority, policies, services, reporting procedures, and operating procedures. The RFC established the standard template for CSIRT descriptions still used today by incident response teams worldwide. Complemented by RFC 7970 (IODEF - Incident Object Description Exchange Format), RFC 8134 (Management Incident Lightweight Exchange), and RFC 9424 (Indicators of Compromise). It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does RFC 2350 - Expectations for Computer Security Incident Response (BCP 21) have?
RFC 2350 - Expectations for Computer Security Incident Response (BCP 21) has 4 controls organised across 4 domains. The largest domains are CSIRT Identity (1 controls), CSIRT Operations (1 controls), Policies (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does RFC 2350 - Expectations for Computer Security Incident Response (BCP 21) map to?
RFC 2350 - Expectations for Computer Security Incident Response (BCP 21) does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with RFC 2350 - Expectations for Computer Security Incident Response (BCP 21) compliance?
Start your RFC 2350 - Expectations for Computer Security Incident Response (BCP 21) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about RFC 2350 - Expectations for Computer Security Incident Response (BCP 21) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 4 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required