CERT Division Frequently Asked Questions (FAQ)
This page presents common questions and answers related to the CERT Division. Please contact us if you need additional information or if you have questions about our work.
Introduction to the CERT Division
What is the CERT Division?
The CERT Division is an organization devoted to ensuring that appropriate technology and systems management practices are used to resist attacks on networked systems and to limit damage and ensure continuity of critical services in spite of successful attacks, accidents, or failures. For more detailed information about our work, see the About Us section of the website or our suite of informational pages.
The CERT/CC, a major center for addressing internet security problems, was established in November 1988, after the "Morris Worm" brought down much of the internet and demonstrated the growing network's susceptibility to attack. Shortly after that, the Defense Advanced Research Projects Agency (DARPA) charged the Software Engineering Institute (SEI) with both establishing a capability to quickly and effectively coordinate communication among experts during security emergencies in order to prevent future incidents and to build awareness of security issues across the internet community. CERT/CC staff members coordinate responses to security compromises, analyze product vulnerabilities, work with other security experts to identify solutions to security problems, and disseminate information to the broad community.
The growth and reliance on the internet, coupled with the increasing sophistication of intruder techniques, created a need for additional resources and capabilities. To address this need, the CERT/CC became part of the CERT Division. Other areas of work within the CERT Division include education and training, research and development, situational awareness, forensics, organizational security, and global relationships.
Is CERT an acronym? What does it stand for?
CERT is not an acronym; it is a name and a registered service mark. ("CERT" and "CERT Coordination Center" are registered service marks of Carnegie Mellon University.) You should not define "CERT" as an acronym, but it is appropriate to note in your text that the CERT Coordination Center was the first computer security incident response team (CSIRT). When referring to incident response teams, use the general term CSIRT and not the registered mark CERT.
What is the connection between the CERT Division and its CERT/CC and other groups with "CERT" in their name?
There is only one CERT Division and one CERT Coordination Center; there are no branches or alternate locations. We have authorized some computer security incident response teams to use "CERT" in their name; however, these teams are independent of us. Many of these CSIRTs (see Question A3) are members of the Forum of Incident Response and Security Teams (FIRST), of which the CERT/CC is a founding member.
Who funds the CERT Division?
Our work is funded primarily by the U.S. Department of Defense and the Department of Homeland Security, along with a number of other federal civil agencies and the private sector. As a division within the Software Engineering Institute, we receive some funds from the primary sponsor of the SEI, the Office of the Under Secretary of Defense for Acquisition and Technology.
How is the CERT Division related to Carnegie Mellon University? the Software Engineering Institute?
Carnegie Mellon operates the Software Engineering Institute. In 1985, the university won a competitive bid to establish the institute at the university with funding from the Department of Defense.
The CERT/CC was established at the SEI in 1988 and has grown to be one of its largest and most recognized programs. It continues to be administered by the SEI as part of a technical program of work that also includes research into state-of-the-art methods to utilize software architecture and product lines, improve individual and organizational processes, and support government acquisition efforts.
How is the CERT Division connected to the Department of Homeland Security and US-CERT?
In September 2003, the Department of Homeland Security announced the creation of US-CERT, a joint effort with the CERT Coordination Center. US-CERT draws on CERT/CC capabilities to help prevent cyber attacks, protect systems, and respond to the effects of cyber attacks across the internet.
Communicating with the CERT Division
The media can contact the public relations coordinator by phone (+1 412 268-4793) or email.
How can I send encrypted information to the CERT Division?
You can protect sensitive information by encrypting your email or contacting the CERT by phone, at +1 412-268-5800, to discuss other methods of protecting the information you send us (secure fax, secure phones, and other ways).
Will my sensitive information stay private after I give it to the CERT Division?
We will keep any information specific to your site confidential unless you give us permission to release that information. We distribute only composite, sanitized information in our publications.
Whom can I contact about ways to work with the CERT Division? Are there any jobs available?
Information about job openings is on the Careers page.
Whom can I contact about reproducing information from the CERT website?
Getting Security Information from the CERT Division
Can the CERT Division recommend other helpful sources of information about computer security?
As part of a federally funded research and development center (FFRDC), the CERT Division cannot endorse products or organizations. However, many of the articles, reports, papers, and podcasts created by our staff, available on the CERT website, contain helpful information and references.
New information is constantly being made available online. We urge you to conduct online searches for security-related topics.
Does the CERT Division offer any training or workshops?
Training: With the Software Engineering Institute (SEI), we offer courses for managers and technical personnel in areas such as creating and managing computer security incident response teams (CSIRTs), responding to and analyzing security incidents, and improving network security.
Workshops: We are also involved in various events, including the following:
- FIRST (Forum of Incident Response and Security Teams) Conference
Each year, our staff members participate in the annual FIRST conference.
- FloCon Conference
Our Network Situational Awareness group hosts FloCon, an open workshop that provides a forum for researchers, operational analysts, and others who are interested in analyzing, from a security standpoint, large volumes of network traffic. FloCon 2016 takes place in January 2016 in Daytona Beach, Florida. Visit the FloCon site to download the presentations from FloCon 2015 and other past FloCon events.
- Annual Meeting for CSIRTs with National Responsibility
The CERT Coordination Center hosts an annual meeting for national CSIRTs to promote relationship building and collaboration.
Presentations: Throughout the year, members of our staff present at various technical conferences, seminars, and regional networks. Periodically, special arrangements can be made to tailor presentations to fit the requirements of the specific site. For further information about presentations, please contact the CERT Division.