Along with the rapid development of information technology and supporting several aspects of life, the increase in the use of information technology is directly proportional to the risk of cyber security so that it can cause losses in the form of data theft, data loss/damage, and obstruction of information flow. In handling information technology security. CSIRT (Computer Security Incident Response Team) is an organization or team responsible for receiving, reviewing, and responding to cyber security incident reports and activities. However, since CSIRT was established, the current CSIRT service in Indonesia has not changed much from when it was first launched, only technology and some cyber security attack and defense techniques have changed but the management principles are considered to remain the same. This study aims to analyze the role and services of CSIRT in Indonesia to deal with the threat of cyber-attacks using the Carnegie Mellon University (CMU) framework. The results of this study are recommendations by mapping the results of research against the FIRST framework so that 10 recommendations can be obtained for the implementation of CSIRT services in Indonesia.