You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

eduGAIN Participants shall define a security contact for the federation that will act a 

The security contact shall respect the following base requirements:

  • It is strongly recommended to use a dedicated email address for the security contact. 
  • Where possible, use the contact of the NREN's security function (local CERT/CSIRT).
  • Refer to the eduGAIN CSIRT <abuse@edugain.org>, which is the established security contact for the eduGAIN Service, for federated security incident notification and coordination.

  • Respond to requests for assistance with a security incident from the eduGAIN CSIRT or other eduGAIN Participants in a timely manner. The recommended response time is half business day.

  • Respect the Traffic Light Protocol [TLP] information disclosure policy and use it during incident response communications (ref. https://www.first.org/tlp)

  • No labels