1 Document Information
This document contains a RFC 2350 conform description of sCERT according to RFC 2350.
Date: Mon, 18 Jun 2018 11:00:00 +0100
1.1 Date of Last Update
Date: Mon, 18 Jun 2018 11:00:00 +0100
1.2 Distribution List for Notifications
There are no distribution/mailing lists defined for the notification about updates to this document.
1.3 Locations where this Document May Be Found
The current version of the description of the sCert is available at: https://www.s-itsolutions.at/de/home/rfc2350
The signed version of this document is available at: https://www.s-itsolutions.at/content/dam/at/sit/rfc2350_v2_signed.txt
The key used for signing is the sCERT key as listed under 2.8.
2 Contact Information
2.1 Name of the Team
sCERT - CERT der oesterreichischen Sparkassengruppe
s IT Solutions AT Spardat GmbH
2.3 Time Zone
GMT+0100 (+0200 during day-light saving time).
2.4 Telephone Number
+43 (0)5 0100 - 39700
2.5 Facsimile Number
2.6 Other Telecommunication
2.7 Electronic Mail Address
2.8 Public Keys and Encryption Information
sCERT uses a master signing key to sign all keys used for operational purposes. Do NOT use it for communication with sCERT The master signing key is:
pub 4096R/A668A63D 2017-06-19
Fingerprint=9FB4 5AAC 9F15 FECB BAC3 CE22 F9C0 2552 A668 A63D
uid sCERT Master Signing Key (Used for signing the operational sCert GPG key) <email@example.com>
sig sig3 A668A63D 2018-06-11 __________ 2023-06-30 [selfsig]
Communication by sCERT will be signed by the team key, which is as of 2017/06:
pub 4096R/9D4421E8 2017-06-19
Fingerprint=6507 F234 3E22 D375 54F4 590C 493E 9325 9D44 21E8
uid sCert (sCert Team Key) <firstname.lastname@example.org>
sig sig A668A63D 2017-06-19 __________ __________ sCERT Master Signing Key (Used for signing the operational sCert GPG key) <email@example.com>
sig sig3 9D4421E8 2018-06-11 __________ 2019-06-30 [selfsig]
sub 4096R/C9F7FD1E 2018-06-11
sig sbind 9D4421E8 2018-06-11 __________ 2019-06-30 
The keys are available at most key servers.
2.9 Team Members
No information is provided in public.
2.10 Other Information
2.11 Points of Customer Contact
The preferred way of contacting sCERT is by means of e-mail. If it is not possible or appropriate to use e-mail, you can reach us via telephone (see Ch. 2.4)
sCERT’s hours of operation are generally restricted to business hours: Mon-Fri, 8 a.m. - 4 p.m. CET/CEST.
3.1 Mission Statement
sCERT’s mission is to coordinate and operate activities regarding IT security issues for the audience defined in Ch. 3.2.
sCERT’s services are available to sIT Solutions AT Spardat GmbH and their network/datacenter customers (e.g. hosted Erste Group services).
sCERT has authority over ASNs AS12895 and AS24647.
3.3 Sponsorship and/or Affiliation
sCERT is part of and funded by s IT Solutions AT Spardat GmbH.
In case of security incidents (see Ch. 4.1), sCERT cooperates with the people defined in Ch. 3.2.
sCERT is in charge of proactive and reactive IT security measures within s IT Solutions AT Spardat GmbH.
4.1 Types of Incidents and Level of Support
sCERT’s duties include proactive and reactive handling of all possible kinds of IT security incidents.
4.2 Co-operation, Interaction and Disclosure of Information
sCERT cooperates with the relevant public authorities and regulatory bodies.
sCERT interacts with trusted CSIRTs on a national and international level where considered useful mainly by sharing experience and best practices. sCERT does not disclose any internal information related to its constituency.
4.3 Communication and Authentication
The Information Sharing Traffic Light Protocol (ISTLP) is applied on any information exchanged between sCERT and other CSIRTs, regardless of the communication media (e.g., e-Mail, telephone, or face-to-face meetings). For the exchange of electronic information between sCERT and other CSIRTs PGP is used. The keys used are available in Chapter 2.8. Before establishing a communication channel it is necessary to authenticate the communication counterpart by appropriate ways (e.g., webs of trust, physical identification, or call-back).
5.1 Incident Response
5.1.1. Incident Triage
Dependent on the type of the incident, it might be necessary to manually determine whether an incident has actually occurred (e.g., a data breach made public). Incidents automatically reported by e.g. network sensors are trusted a priori and are implicitly checked for plausibility. Afterwards the scope and the affected assets are analyzed and the incident is prioritized and assigned to the responsible persons for further processing.
5.1.2. Incident Coordination
Incident response is coordinated with the owners of the affected assets and the responsible IT security authority. Dependent on the owner of the affected asset, sCERT may have the authority to either actively engage in the IT security incident or to provide advisories.
5.1.3. Incident Resolution
In case s IT Solutions AT Spardat GmbH is the accountable entity of the assets affected in the security incident, sCERT takes care of the incident mitigation.
In case the incident is related to assets owned by their network/datacenter customers (e.g. hosted Erste Group services), sCERT collects incident updates from the responsible IT security authority.
5.2 Proactive Activities
sCERT takes care of the vulnerability management. sCERT is in contact with IT security responsible persons of their network/datacenter customers (e.g. hosted Erste Group services). sCERT takes part in information security related activities on a national and European level and takes part in security audits and penetration tests.
6 Incident Reporting Forms
No specific requirements.
While every precaution will be taken in the preparation of information, notifications and alerts, sCERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.