RFC 2350

1 Document Information

This document contains a RFC 2350 conform description of sCERT according to RFC 2350.

Version: 3
Date: Wed, 4 Sept 2019 16:00:00 +0100
Author: team@scert.at

1.1 Date of Last Update

Date: Wed, 4 Sept 2019 16:00:00 +0100

1.2 Distribution List for Notifications

There are no distribution/mailing lists defined for the notification about updates to this document.

1.3 Locations where this Document May Be Found

The current version of the description of the sCert is available at: https://www.s-itsolutions.at/de/home/rfc2350
The signed version of this document is available at: https://www.s-itsolutions.at/content/dam/at/sit/rfc2350_signed.txt
The key used for signing is the sCERT key as listed under 2.8.

2  Contact Information

2.1 Name of the Team

sCERT - CERT der oesterreichischen Sparkassengruppe

2.2 Address

s IT Solutions AT Spardat GmbH
Geiselbergstraße 21-25
1110 Vienna
AUSTRIA

2.3 Time Zone

GMT+0100 (+0200 during day-light saving time).

2.4 Telephone Number

+43 (0)5 0100 - 39700

2.5 Facsimile Number

None.

2.6 Other Telecommunication

None.

2.7 Electronic Mail Address

team@scert.at

2.8  Public Keys and Encryption Information

sCERT uses a master signing key to sign all keys used for operational purposes. Do NOT use it for communication with sCERT The master signing key is:

pub rsa4096/f9c02552a668a63d 2017-06-19T12:25:45Z

                 Hash=f1fbd0289dcff12b4f9b615f0f000ae1

uid sCERT Master Signing Key (Used for signing the operational sCert GPG key) <signing-only-key@s-itsolutions.at>

sig  sig  f9c02552a668a63d 2017-06-19T12:25:45Z 2018-06-30T10:00:00Z ____________________ [selfsig]

sig  sig  f9c02552a668a63d 2018-06-11T12:04:08Z 2024-06-21T09:38:23Z ____________________ [selfsig]

Communication by sCERT will be signed by the personal key of the team member which is signed by the signing only key above. 

Encrypted communication to sCERT is possible with the following team key:

pub rsa4096/6507f2343e22d37554f4590c493e93259d4421e8 2017-06-19T12:31:40Z

                 Hash=ca6653b3c4c22cfb2f9a74f5675545d9

uid sCert (sCert Team Key) <team@scert.at>

sig  sig  493e93259d4421e8 2018-10-05T06:39:42Z 2020-10-15T06:29:30Z ____________________ [selfsig]

sig  sig  f9c02552a668a63d 2018-10-05T06:40:51Z ____________________
____________________ f9c02552a668a63d

sig  sig  493e93259d4421e8 2019-07-05T07:23:43Z 2022-07-16T04:52:03Z ____________________ [selfsig]

The keys are available at most key servers.

2.9 Team Members

No information is provided in public.

2.10 Other Information

None.

2.11 Points of Customer Contact

The preferred way of contacting sCERT is by means of e-mail (team@scert.at). If it is not possible or appropriate to use e-mail, you can reach us via telephone (see Ch. 2.4)

sCERT’s hours of operation are generally restricted to business hours: Mon-Fri, 8 a.m. - 4 p.m. CET/CEST.

3 Charter

3.1 Mission Statement

sCERT’s mission is to coordinate and operate activities regarding IT security issues for the audience defined in Ch. 3.2.

3.2 Constituency

sCERT’s services are available to sIT Solutions AT Spardat GmbH and their network/datacenter customers (e.g. hosted Erste Group services).

sCERT has authority over ASNs AS12895 and AS24647.

3.3 Sponsorship and/or Affiliation

sCERT is part of and funded by s IT Solutions AT Spardat GmbH.

3.4 Authority

In case of security incidents (see Ch. 4.1), sCERT cooperates with representatives of its constituency (see Ch. 3.2).

sCERT is in charge of proactive and reactive IT security measures within s IT Solutions AT Spardat GmbH.

4 Policies

4.1 Types of Incidents and Level of Support

sCERT’s duties include proactive and reactive handling of all possible kinds of IT security incidents as well as awareness and training activities for employees of its constituency (see Ch. 3.2).

4.2 Co-operation, Interaction and Disclosure of Information

sCERT cooperates with the relevant public authorities and regulatory bodies.
sCERT interacts with trusted CSIRTs on a national and international level where considered useful mainly by sharing experience and best practices. sCERT does not disclose any internal information related to its constituency.

4.3 Communication and Authentication

The Information Sharing Traffic Light Protocol (ISTLP) is applied on any information exchanged between sCERT and other CSIRTs, regardless of the communication media (e.g., e-mail, telephone, or face-to-face meetings). For the exchange of electronic information between sCERT and other CSIRTs PGP is used. The keys used are available in Chapter 2.8. Before establishing a communication channel it is necessary to authenticate the communication counterpart by appropriate ways (e.g., webs of trust, physical identification, or call-back).

5 Services

5.1 Incident Response

5.1.1. Incident Triage

Dependent on the type of the incident, it might be necessary to manually determine whether an incident has actually occurred (e.g., a data breach made public). Incidents automatically reported by e.g. network sensors are trusted a priori and are implicitly checked for plausibility. Afterwards the scope and the affected assets are analyzed and the incident is prioritized and assigned to the responsible persons for further processing. 

5.1.2. Incident Coordination

Incident response is coordinated with the owners of the affected assets and the responsible IT security authority. Dependent on the owner of the affected asset, sCERT may have the authority to either actively engage in the IT security incident or to provide advisories.

5.1.3. Incident Resolution

In case s IT Solutions AT Spardat GmbH is the accountable entity of the assets affected in the security incident, sCERT takes care of the incident mitigation.

In case the incident is related to assets owned by their network/datacenter customers (e.g. hosted Erste Group services), sCERT collects incident updates from the responsible IT security authority.

5.2  Proactive Activities

sCERT takes care of the vulnerability management and provides cyber threat intelligence service. sCERT is in contact with IT security responsible persons of their network/datacenter customers (e.g. hosted Erste Group services). sCERT takes part in information security related activities on a national and European level and takes part in security audits and penetration tests.

6 Incident Reporting Forms

No specific requirements.

7 Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, sCERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.