...
Users and research collaborations will be using your service(s) under the assumption that it is safe to do so and, if you rely on others, that they can rely on you to manage your dependencies properly. Especially in 'cloud' scenarios, your supply chain, in terms of both infrastructure and software, is critical, and modern cybersecurity directives like Europe's NIS2 directive emphasise the importance of the supply chain.
The security baseline gives you the outline of the security measures that help you participate in federation and provide trustworthy services. It relies on Sirtfi, the Security Incident Response Trust Framework for Federated Identity, and helps identify, mitigate, and resolve security incidents in your service and in those of your peers. Remember: you will typically find a security incident quite a long time after the intrusion actually happened, so keeping logs is particularly important!
...
- AARC-G084 Security Operational Baseline
- SIRTFI, the Security Incident Response Trust Framework for Federated Identity
- Network and Information Security directive 2.0 (NIS2)
- Incident Response Procedure