CyberSec First Responder (CFR) Certification

This exam will prove the candidate's proficiency in using a platform for system and network security analysis as well as in recognizing, evaluating, responding to, and protecting against security threats. The CFR exam is recognized as meeting the standards of Directive 8570/8140 and is accredited under the ISO/IEC 17024:2012 standard.

Domain 1 Identify:

• Identify assets (applications, workstations, servers, appliances, operating systems, and others)
• Identify factors that affect the tasking, collection, processing, exploitation, and dissemination architecture’s form and function
• Identify and evaluate vulnerabilities and threat actors
• Identify applicable compliance, standards, frameworks, and best practices for privacy
• Identify applicable compliance, standards, frameworks, and best practices for security
• Identify and conduct vulnerability assessment processes
• Establish relationships between internal teams and external groups like law enforcement agencies and vendor

Domain 2 Protect:

• Analyze and report system security posture trends
• Apply security policies to meet the system’s cybersecurity objectives and defend against cyber attacks and intrusions
• Collaborate across internal and external organizational lines to enhance the collection, analysis, and dissemination of information
• Employ approved defense-in-depth principles and practices
• Develop and implement cybersecurity independent audit processes
• Ensure that plans of action are in place for vulnerabilities identified during risk assessments, audits, and inspections
• Protect organizational resources through security updates
• Protect identity management and access control within the organization, including physical and remote access

Domain 3 Detect:

• Analyze common indicators of potential compromise, anomalies, and patterns
• Perform analysis of log files from various sources to identify possible threats to network security
• Provide timely detection, identification, and alerting of possible attacks/ intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
• Take appropriate action to document and escalate incidents that may cause an ongoing and immediate impact on the environment
• Determine the extent of threats and recommend courses of action or countermeasures to mitigate risks

Domain 4 Respond:

• Execute the incident response process
• Collect and seize documentary or physical evidence and create a forensically sound duplicate that ensures the original evidence is not unintentionally modified to use for data recovery and analysis processes
• Correlate incident data and create reports.
• Implement system security measures in accordance with established procedures
• Determine tactics, techniques, and procedures (TTPs) of intrusion sets
• Interface with internal teams and external organizations to ensure appropriate and accurate dissemination of incident information

Domain 5 Recover:

• Implement recovery planning processes and procedures to restore systems and assets affected by cybersecurity incidents
• Implement specific cybersecurity countermeasures for systems and applications
• Review forensic images and other data sources for recovery of potentially relevant information
• Provide advice and input for disaster recovery, contingency, and continuity of operations plans

Individuals with between 3 and 5 years of experience working in a computing environment as part of a CERT/CSIRT/SOC who protect critical information systems before, during, and after an incident.

1. Attend CyberSec First Responder Course
2. Pass the following exams:

• Exam CFR-410