RFC2350

 

1. Document Information

This document contains a description of sCERT in accordance with RFC 2350.

Version: 4
Date: Thu, 1 July 2021 11:00:00 +0100
Author: team@scert.at

1.1 Date of Last Update

Date: Thu, 1 Sept 2021 11:00:00 +0100

1.2 Distribution List for Notifications

There are no distribution/mailing lists defined for the notification about updates to this document.

1.3 Locations where this Document May Be Found

The current version of this description of sCERT is available at: https://www.erstedigital.com/RFC2350.txt

The signature of this document is available at: https://www.erstedigital.com/RFC2350.txt.sig

The key used for signing is the sCERT team key as listed under 2.8.

 

2. Contact Information

2.1 Name of the Team

sCERT - CERT der oesterreichischen Sparkassengruppe

2.2 Address

Erste Digital GmbH
Am Belvedere 1
1100 Vienna
Austria

2.3 Time Zone

GMT+0100 (+0200 during daylight saving time).

2.4 Telephone Number

+43 (0)5 0100 - 39393

2.5 Facsimile Number

None.

2.6 Other Telecommunication

None.

2.7 Electronic Mail Address

team@scert.at

2.8 Public Keys and Encryption Information

sCERT uses a master signing key to sign all keys used for operational purposes. Do NOT use it for communication with sCERT. The master signing key is:

pub rsa4096/f9c02552a668a63d 2017-06-19T12:25:45Z

Hash=f1fbd0289dcff12b4f9b615f0f000ae1

uid sCERT Master Signing Key (Used for signing the operational sCert GPG key) <signing-only-key@s-itsolutions.at>

sig  sig  f9c02552a668a63d 2017-06-19T12:25:45Z 2018-06-30T10:00:00Z ____________________ [selfsig]

sig  sig  f9c02552a668a63d 2018-06-11T12:04:08Z 2024-06-21T09:38:23Z ____________________ [selfsig]

 

Communication from sCERT is signed with the personal key of the respective team member, which in turn is signed by the signing-only key above.

Encrypted communication to sCERT is possible with the following team key:

pub rsa4096/6507f2343e22d37554f4590c493e93259d4421e8 2017-06-19T12:31:40Z

Hash=a516e022e19ec1601973369e1db5c158

uid sCert (sCert Team Key) <team@scert.at>

sig  sig  493e93259d4421e8 2021-07-01T08:32:16Z 2022-06-30T08:31:00Z ____________________ [selfsig]

sig  sig  493e93259d4421e8 2020-07-02T08:06:12Z 2021-06-30T08:06:12Z ____________________ [selfsig]

sig  sig  493e93259d4421e8 2019-11-04T11:15:12Z 2020-06-30T11:15:12Z ____________________ [selfsig]

sig  sig  493e93259d4421e8 2019-07-05T07:23:43Z 2020-06-30T10:00:00Z ____________________ [selfsig]

sig  sig  493e93259d4421e8 2018-10-05T06:39:42Z 2019-06-30T12:21:28Z ____________________ [selfsig]

sig  sig  f9c02552a668a63d 2018-10-05T06:40:51Z ____________________ ____________________ f9c02552a668a63d

 

The keys are available at most key servers.

2.9 Team Members

No information is provided in public.

2.10 Other Information

None.

2.11 Points of Customer Contact

The preferred way of contacting sCERT is by e-mail (team@scert.at). If it is not possible or appropriate to use e-mail, you can reach us by telephone (see Ch. 2.4).

sCERT’s hours of operation are generally restricted to business hours: Mon-Fri, 8 a.m. - 4 p.m. CET/CEST.

3. Charter

3.1 Mission Statement

sCERT’s mission is to coordinate and operate activities regarding IT security issues for the audience defined in Ch. 3.2.

3.2 Constituency

sCERT’s services are available to Erste Digital GmbH and its network/datacenter customers (e.g. hosted Erste Group services).

sCERT has authority over ASNs AS12895 and AS24647.

3.3 Sponsorship and/or Affiliation

sCERT is part of and funded by Erste Digital GmbH.

3.4 Authority

In case of security incidents (see Ch. 4.1), sCERT cooperates with representatives of its constituency (see Ch. 3.2).

sCERT is in charge of proactive and reactive IT security measures within Erste Digital GmbH.

4. Policies

4.1 Types of Incidents and Level of Support

sCERT’s duties include proactive and reactive handling of all possible kinds of IT security incidents as well as awareness and training activities for employees of its constituency (see Ch. 3.2).

4.2 Co-operation, Interaction and Disclosure of Information

sCERT cooperates with the relevant public authorities and regulatory bodies.

sCERT interacts with trusted CSIRTs on a national and international level where considered useful, mainly by sharing experience and best practices. sCERT does not disclose any internal information related to its constituency.

4.3 Communication and Authentication

The Information Sharing Traffic Light Protocol (ISTLP) is applied to all information exchanged between sCERT and other CSIRTs, regardless of the communication medium (e.g., e-mail, telephone, or face-to-face meetings). PGP is used for the exchange of electronic information between sCERT and other CSIRTs. The keys used are listed in Chapter 2.8. Before a communication channel is established, the communication counterpart must be authenticated by appropriate means (e.g., webs of trust, physical identification, or call-back).

 

5. Services

5.1 Incident Response

5.1.1. Incident Triage

Depending on the type of incident, it might be necessary to determine manually whether an incident has actually occurred (e.g., a data breach made public). Incidents reported automatically, e.g. by network sensors, are trusted a priori and are implicitly checked for plausibility. Afterwards, the scope and the affected assets are analyzed, and the incident is prioritized and assigned to the responsible persons for further processing.

5.1.2. Incident Coordination

Incident response is coordinated with the owners of the affected assets and the responsible IT security authority. Depending on the owner of the affected asset, sCERT may have the authority either to actively engage in the IT security incident or to provide advisories.

5.1.3. Incident Resolution

In case Erste Digital GmbH is the accountable entity of the assets affected in the security incident, sCERT takes care of the incident mitigation.

In case the incident is related to assets owned by its network/datacenter customers (e.g. hosted Erste Group services), sCERT collects incident updates from the responsible IT security authority.

5.2 Proactive Activities

sCERT takes care of vulnerability management and provides a cyber threat intelligence service. sCERT is in contact with the persons responsible for IT security at its network/datacenter customers (e.g. hosted Erste Group services). sCERT takes part in information security related activities on a national and European level and takes part in security audits and penetration tests.

6. Incident Reporting Forms

No specific requirements.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, sCERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.