CSIRT

A CSIRT (Computer Security Incident Response Team) is the national unit responsible for receiving, analysing and coordinating the handling of cybersecurity incidents. Under NIS2, every EU member state must designate at least one CSIRT. In Denmark, this function is carried out by the Centre for Cyber Security (CFCS).

Back to Dictionary

Table of Contents

    What is a CSIRT?

    A CSIRT — Computer Security Incident Response Team — is a specialised team tasked with responding to and coordinating the handling of cybersecurity incidents. At national level, CSIRTs serve as the primary point of contact for organisations that need to report incidents or receive technical assistance in the event of a cyber attack.

    Under the NIS2 Directive, each EU member state is required to designate at least one CSIRT with responsibility for the sectors and entities covered by the directive. The CSIRT operates as part of the broader national cybersecurity governance structure.

    The CSIRT's role under NIS2

    NIS2 defines several core functions that each national CSIRT must perform:

    • Incident reception: Receiving notifications of significant cybersecurity incidents from entities covered by NIS2, including the initial early warning within 24 hours and the full incident notification within 72 hours.
    • Technical assistance: Providing technical support and guidance to affected entities during and after incidents, including advice on detection, containment and remediation.
    • Coordination: Coordinating incident response across multiple affected entities and, where necessary, across national borders in cooperation with other member states' CSIRTs and ENISA.
    • Threat intelligence: Monitoring the threat landscape, issuing advisories and warnings, and sharing threat intelligence with relevant entities and other CSIRTs.

    In addition to these reactive functions, CSIRTs also play a proactive role by conducting vulnerability assessments, publishing security advisories and supporting capacity building across the sectors they serve.

    The Danish CSIRT — Centre for Cyber Security (CFCS)

    In Denmark, the national CSIRT function is performed by the Centre for Cyber Security (Center for Cybersikkerhed, CFCS), which operates under the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste). CFCS is responsible for:

    • Receiving and processing incident reports from Danish organisations covered by NIS2
    • Providing technical incident response assistance
    • Monitoring the cyber threat landscape affecting Denmark
    • Issuing the annual national cyber threat assessment
    • Operating GovCERT, Denmark's governmental CERT for public sector and critical infrastructure


    Know your reporting obligations:     Entities covered by NIS2 must report significant incidents to the CSIRT within strict timeframes: an early warning within 24 hours, an incident notification within 72 hours and a final report within one month. Ensure your incident response procedures include these reporting steps.

    Frequently Asked Questions about CSIRT

    What is a CSIRT?

    A CSIRT (Computer Security Incident Response Team) is a national unit responsible for receiving, analysing and coordinating the handling of cybersecurity incidents. Under NIS2, every EU member state must designate at least one CSIRT.

    What is the Danish CSIRT?

    In Denmark, the national CSIRT function is carried out by the Centre for Cyber Security (Center for Cybersikkerhed, CFCS), which operates under the Danish Defence Intelligence Service.

    What are the NIS2 incident reporting timeframes?

    NIS2 requires an early warning to the CSIRT within 24 hours of becoming aware of a significant incident, a full incident notification within 72 hours and a final report within one month.

    Does a CSIRT only handle incidents reactively?

    No. CSIRTs also perform proactive functions including vulnerability assessments, threat intelligence sharing, security advisories and capacity building across the sectors they serve.

    Is the CSIRT the same as a SOC?

    No. A SOC (Security Operations Centre) is typically an internal or outsourced function that monitors an individual organisation's security. A CSIRT operates at national level and coordinates incident response across multiple organisations and sectors.

    +400 companies use .legal
    Region Sjælland
    Aarhus Universitet
    aj_vaccines_logo
    Realdania
    Right People
    IO Gates
    PLO
    Finans Danmark
    geia-food
    Vestforbrænding
    Evida
    Klasselotteriet
    NRGI1
    BLUE WATER SHIPPING
    Karnov
    Ingvard Christensen
    VP Securities
    AH Industries
    Lægeforeningen
    InMobile
    AK Nygart
    ARP Hansen
    DEIF
    DMJX
    Axel logo
    qUINT Logo
    KAUFMANN (1)
    SMILfonden-logo
    kurhotel_skodsborg
    nemlig.com
    Molecule Consultancy
    Novicell
    Footer topswirl

    Info

    .legal A/S

    hello@dotlegal.com
    +45 7027 0127

    VAT-no: DK40888888

    Support

    support@dotlegal.com
    +45 7027 0127
    Need help?

     

    Office

    Aarhus

    Store Torv 14, 2.
    8000 Aarhus C

    We care about safety

    Download our declarations

    ISAE 3000

    ISAE 3402

    Modules

    Let me help you get started

    joa i blob
    Reach out to me on phone
    +45 7027 0127 and I'll get you started
    arrow-right-white Get a demo

    .legal is not a law firm and is therefore not under the supervision of the Bar Council.

    Footer bottomswirl