The IT Law Wiki
The IT Law Wiki

Definition[]

A White Team is

[a] group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.[1]

Overview[]

"In an exercise, the White Team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender's mission. The White Team helps to establish the rules of engagement, the metrics for assessing results and the procedures for providing operational security for the engagement. The White Team normally has responsibility for deriving lessons-learned, conducting the post engagement assessment, and promulgating results."[2]

References[]

  1. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  2. CNSSI-4009.