Requirements for the Format for Incident Information Exchange (FINE)

Document Type Expired Internet-Draft (inch WG)
Author Yuri Demchenko 
Last updated 2015-10-14 (latest revision 2006-07-12)
Stream IETF
Intended RFC status Informational
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired (IESG: Dead)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Sam Hartman
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes the high-level functional requirements of an abstract format, the Format for Incident information Exchange (FINE), which will facilitate the exchange of incident information among computer security incident response teams (CSIRTs) and involved parties. A common and well-defined format will help in the exchange of incident related information across different administrative domains such as organizations, regions, and countries. Implementations of FINE will also be useful for reactionary analysis of current threats and support the proactive identification of trends that can lead to incident prevention.


Yuri Demchenko (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)