The Security Incident Response Trust Framework for Federated Identity (Sirtfi) aims to enable the coordination of incident response across federated organisations. This assurance framework comprises a list of assertions to which an organisation can attest in order to be declared Sirtfi compliant. An official "trust mark" has been defined for SAML Service Providers and Identity Providers so that organisations can technically advertise their adoption of the framework in federation metadata, and a similar approach is being planned for OpenID Federation.
Any federated organisation should adopt Sirtfi to improve their internal operational security and enable them to participate in federated security incident response. If you have not published a security contact in the identity federation then you will not be informed of any ongoing security incidents that may affect you.
To assert Sirtfi for your entire infrastructure, you must be able to ensure that the Sirtfi requirements are met both by the AAI layer and by every connected service. Since Sirtfi requires that best practices in operational security are followed, e.g. regular patching, you will need to adopt a policy for your infrastructure to ensure that each service follows these practices. A central operational security team for your infrastructure can play an important role in supporting them, for example by handling communication during an incident and propagating information on vulnerabilities and breaches to downstream systems.
For further guidance, see https://wiki.refeds.org/display/SIRTFI/Guide+for+Federation+Participants