This document contains a RFC 2350 conform description of sCERT according to RFC 2350.
Date: Thu, 1 July 2021 11:00:00 +0100
1.1 Date of Last Update
Date: Thu, 1 Sept 2021 11:00:00 +0100
1.2 Distribution List for Notifications
There are no distribution/mailing lists defined for the notification about updates to this document.
1.3 Locations where this Document May Be Found
The current version of the description of the sCert is available at: https://www.erstedigital.com/RFC2350.txt
The signature of this document is available at: https://www.erstedigital.com/RFC2350.txt.sig
The key used for signing is the sCERT team key as listed under 2.8.
2. Contact Information
2.1 Name of the Team
sCERT - CERT der oesterreichischen Sparkassengruppe
Erste Digital GmbH
Am Belvedere 1
2.3 Time Zone
GMT+0100 (+0200 during day-light saving time).
2.4 Telephone Number
+43 (0)5 0100 - 39393
2.5 Facsimile Number
2.6 Other Telecommunication
2.7 Electronic Mail Address
2.8 Public Keys and Encryption Information
sCERT uses a master signing key to sign all keys used for operational purposes. Do NOT use it for communication with sCERT The master signing key is:
pub rsa4096/f9c02552a668a63d 2017-06-19T12:25:45Z
uid sCERT Master Signing Key (Used for signing the operational sCert GPG key) <firstname.lastname@example.org>
sig sig f9c02552a668a63d 2017-06-19T12:25:45Z 2018-06-30T10:00:00Z ____________________ [selfsig]
sig sig f9c02552a668a63d 2018-06-11T12:04:08Z 2024-06-21T09:38:23Z ____________________ [selfsig]
Communication by sCERT will be signed by the personal key of the team member which is signed by the signing only key above.
Encrypted communication to sCERT is possible with the following team key:
pub rsa4096/6507f2343e22d37554f4590c493e93259d4421e8 2017-06-19T12:31:40Z
uid sCert (sCert Team Key) <email@example.com>
sig sig 493e93259d4421e8 2021-07-01T08:32:16Z 2022-06-30T08:31:00Z ____________________ [selfsig]
sig sig 493e93259d4421e8 2020-07-02T08:06:12Z 2021-06-30T08:06:12Z ____________________ [selfsig]
sig sig 493e93259d4421e8 2019-11-04T11:15:12Z 2020-06-30T11:15:12Z ____________________ [selfsig]
sig sig 493e93259d4421e8 2019-07-05T07:23:43Z 2020-06-30T10:00:00Z ____________________ [selfsig]
sig sig 493e93259d4421e8 2018-10-05T06:39:42Z 2019-06-30T12:21:28Z ____________________ [selfsig]
sig sig f9c02552a668a63d 2018-10-05T06:40:51Z ____________________ ____________________ f9c02552a668a63d
The keys are available at most key servers.
2.9 Team Members
No information is provided in public.
2.10 Other Information
2.11 Points of Customer Contact
The preferred way of contacting sCERT is by means of e-mail (firstname.lastname@example.org). If it is not possible or appropriate to use e-mail, you can reach us via telephone (see Ch. 2.4)
sCERT’s hours of operation are generally restricted to business hours: Mon-Fri, 8 a.m. - 4 p.m. CET/CEST.
3.1 Mission Statement
sCERT’s mission is to coordinate and operate activities regarding IT security issues for the audience defined in Ch. 3.2.
sCERT’s services are available to Erste Digital GmbH and their network/datacenter customers (e.g. hosted Erste Group services).
sCERT has authority over ASNs AS12895 and AS24647.
3.3 Sponsorship and/or Affiliation
sCERT is part of and funded by Erste Digital GmbH.
In case of security incidents (see Ch. 4.1), sCERT cooperates with representatives of its constituency (see Ch. 3.2).
sCERT is in charge of proactive and reactive IT security measures within Erste Digital GmbH.
4.1 Types of Incidents and Level of Support
sCERT’s duties include proactive and reactive handling of all possible kinds of IT security incidents as well as awareness and training activities for employees of its constituency (see Ch. 3.2).
4.2 Co-operation, Interaction and Disclosure of Information
sCERT cooperates with the relevant public authorities and regulatory bodies.
sCERT interacts with trusted CSIRTs on a national and international level where considered useful mainly by sharing experience and best practices. sCERT does not disclose any internal information related to its constituency.
4.3 Communication and Authentication
The Information Sharing Traffic Light Protocol (ISTLP) is applied on any information exchanged between sCERT and other CSIRTs, regardless of the communication media (e.g., e-mail, telephone, or face-to-face meetings). For the exchange of electronic information between sCERT and other CSIRTs PGP is used. The keys used are available in Chapter 2.8. Before establishing a communication channel it is necessary to authenticate the communication counterpart by appropriate ways (e.g., webs of trust, physical identification, or call-back).
5.1 Incident Response
5.1.1. Incident Triage
Dependent on the type of the incident, it might be necessary to manually determine whether an incident has actually occurred (e.g., a data breach made public). Incidents automatically reported by e.g. network sensors are trusted a priori and are implicitly checked for plausibility. Afterwards the scope and the affected assets are analyzed and the incident is prioritized and assigned to the responsible persons for further processing.
5.1.2. Incident Coordination
Incident response is coordinated with the owners of the affected assets and the responsible IT security authority. Dependent on the owner of the affected asset, sCERT may have the authority to either actively engage in the IT security incident or to provide advisories.
5.1.3. Incident Resolution
In case Erste Digital GmbH is the accountable entity of the assets affected in the security incident, sCERT takes care of the incident mitigation.
In case the incident is related to assets owned by their network/datacenter customers (e.g. hosted Erste Group services), sCERT collects incident updates from the responsible IT security authority.
5.2 Proactive Activities
sCERT takes care of the vulnerability management and provides cyber threat intelligence service. sCERT is in contact with IT security responsible persons of their network/datacenter customers (e.g. hosted Erste Group services). sCERT takes part in information security related activities on a national and European level and takes part in security audits and penetration tests.
6. Incident Reporting Forms
No specific requirements.
While every precaution will be taken in the preparation of information, notifications and alerts,
sCERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.