Your resources, your research data, and your collaborators are valuable, yet continuously targeted by miscreants. Protecting these requires that everyone works together to protect them from damage, disruption, and unauthorised use. The security operational baseline sets the bar to entry in most federated infrastructures, not only for the AAI but also for the protection of resources, data, and users. By adhering to a simple common baseline, the collaboration becomes easier and the expectations of all parties are clear. You will find that adherence to the security operational baseline is a prerequisite to entry for many of the ecosystems you want to join.
...
Adopting it as an e-Infrastructure or service provider
...
Users and research collaborations will be using your service(s) under the assumption that it is safe to do so and, if you rely on others, that they can rely on you to manage your dependencies properly. Especially in 'cloud' scenarios, your supply chain in terms of both infrastructure and software is critical, and modern cybersecurity directives like Europe's NIS2 emphasise the importance of the supply chain.
The security baseline gives you the outline of the security measures that help you participate in federation and provide trustworthy services. It relies on Sirtfi, the Security Incident Response Trust Framework for Federated Identity, and helps identify, mitigate, and resolve security incidents in your service and in your peers. Remember: you will typically find a security incident quite a long time after the intrusion actually happened, so keeping logs is particularly important!
Adopting it as an authentication source or collaboration
...
The AARC BPA identifies the collaboration layer as a key control point for resource access: as a collaboration, you hold critical data on 'who did what when', and are the most effective place to control access to resources and protect the infrastructures you use.
The twelve points to protect your resources and data
It is RECOMMENDED that all service providers follow these Baseline Requirements to achieve a sufficient level of security. These requirements augment but do not replace applicable security policies and obligations, nor any more specific security arrangements and service level agreements that may exist between participants. The baseline is specifically that: a set of minimal expectations between everyone in the infrastructure:
...