Versions Compared

Old Version 22

changes.mady.by.user Davide Vaghetti

Saved on

compared with

New Version 23

changes.mady.by.user Davide Vaghetti

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Description for eduGAIN

...

CSIRT

REMARK: This needs to be synced with https://edugain.org/edugain-security/

...

The current version of this CSIRT description document is available from the eduGAIN - CSIRT WWW site; its URL is https://edugain.org/edugain-security/

...

This document has been signed with the eduGAIN - CSIRTs PGP key. The signatures are also on our Web site, under: https://edugain.org/edugain-security/

Contact Information

Name of the Team

eduGAIN - CSIRT: The eduGAIN Computer Security Incident Response Team.

Address

eduGAIN - CSIRT

Hoekenrode 3 
6th floor

1102 BR Amsterdam
The Netherlands

...

abuse@edugain.org This address can be used to report all security incidents which relate to the eduGAIN participants. This is a mail alias that relays mail to the human(s) on duty for the eduGAIN - CSIRT.

Public Keys and Other Encryption Information

The eduGAIN - CSIRT has a PGP key, whose KeyID is CE43BCB8 and whose fingerprint is

...

The key and its signatures can be found at the usual large public keyservers.

Team Members

The eduGAIN - CSIRT team  is coordinated by the eduGAIN - CSIRT security officer and it is composed by security officers and experts from the constituent participants. The current team consists of the following persons:

...

General information about eduGAIN security is in https://edugain.org/edugain-security/

The eduGAIN - CSIRTs hours of operation are generally restricted to regular business hours (09:00-17:00 (CET/CEST)) Monday to Friday except holidays). 

...

Constituency

eduGAIN consists of identity federations, which which members are the federation participants,  an association of organizations that exchange information as appropriate about their users and resources to enable collaborations and transactions.  With regard to security incident response the identity and service providers (IdP and SP)  registered in a federation.Federations whose primarily target is to provide an authentication and authorisation infrastructure in the interests of research and education sectors. The eduGAIN Service provides an infrastructure for establishing trusted communications between Entities, such
as Identity and Service Providers, in different Federations.

eduGAIN is governed by the eduGAIN Steering Group which is composed by all the eduGAIN Members's representatives.

Please refer to the eduGAIN Constituion for further details: https://technical.edugain.org/doc/eduGAIN-Constitution-v3ter-web.pdf

For an up to date list of the current eduGAIN Participants you can refer to: The eduGAIN constituency  consists of the eduGAIN participants, see https://technical.edugain.org/status

Sponsorship and/or Affiliation

eduGAIN - CSIRT is part of eduGAIN.org.

Authority

eduGAIN - CSIRT is authorized by the eduGAIN Steering Group to coordinate incident response at the inter-federation level.

...

Types of Incidents and Level of Support

eduGAIN - CSIRT aims to respond to incident reports within 4 office hours.

...

<the link needs to be updated to point to the official version of the handbook>

eduGAIN - CSIRT reports to the eduGAIN Steering Group (eSG).

...

ALL incoming information is handled confidentially by eduGAIN - CSIRT, regardless of its priority.

eduGAIN - CSIRT supports the Information Sharing Traffic Light Protocol (ISTLP – see https://www.trusted-introducer.org/ISTLPv11.pdf) - information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.

eduGAIN - CSIRT will use the information you provide to help solve security incidents affecting eduGAIN. This means that by default the information will be distributed further to the appropriate parties – but only on a need-to-know base, and preferably anonymized.

...

Services

Incident Response

eduGAIN - CSIRTs major IT security incident management function is incident coordination across eduGAIN federations.

Incident Triage

eduGAIN - CSIRT will support the eduGAIN participants investigating whether indeed an incident occurred and in case, determining the extent of the incident. This ranges from a single entity, to multiple federations affected.

...

The incident resolution is ultimately the task of the organizations responsible for the end entities in eduGAIN (Service providers (SP), Identity Providers (IdP)). If possible, edugain-eduGAIN CSIRT will support the end entities with in coordination with the Federations  on request.

...

While every precaution will be taken in the preparation of information, notifications and alerts, eduGAIN - CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

...