This document is an initial attempt to provide a good practice guide for the entities that have been tasked with providing ICS Computer Emergency Response Capabilities (ICS-CERC). It does not, however, seek to prescribe to the EU Member States which entities should be entrusted with the provision of ICS-CERC services. This document builds upon the current practice of CERTs with responsibilities for ICS networks, and also on the earlier work of ENISA on a baseline capabilities scheme for national/governmental (n/g) CERTs [1]. Consequently, it employs a similar approach in addressing the topics relevant for ICS-CERC provision, using four categories of baseline capabilities: mandate, service portfolio, and operations in relation to ICS-CERC, and, last but not least, cooperation with the other ICS stakeholders. These four categories of capabilities are mutually interdependent.