RFC2350

1.1 Document revision

• This version has been updated at 10/05/2018 13:35
• This original version was published at 12/02/2018 14:53

1.2 Distribution list for notifications

• There is no distribution list for notifications.

1.3 Locations where this document may be found

The current version of this document can be found at:
https://csirt.docapost.fr/RFC2350_CSIRT_DOCAPOST.pdf

1.4 Document authenticity

• This document can be retrieved from only this site, using TLS/SSL also signed by the PGP certificate of CSIRT DOCAPOST.

The signature of the file : 
https://csirt.docapost.fr/RFC2350_CSIRT_DOCAPOST.pdf.sig

2. Contact information

2.1 Name of the Team

• CSIRT DOCAPOST (C.O.S.C: Centre Opérationnel de Sécurité et de Cyberdéfense)
• Short name : CSIRT-DOCAPOST

The DOCAPOST-CSIRT Team's is supported by :

2.2 Address

CERT La Poste
DISIT/SLCC (CISRT-DOCAPOST)
5 rue Rene Viviani
44263 Nantes cedex 2

2.3 Time Zone

• CEST / Central European Summer Time

2.4 Telephone Number

2.5 Facsimile Number

Fax : +33 (0) 234 092 746

2.6 Other Telecommunication

• None

2.7 Electronic Mail Address

cert-fr[@]laposte.fr
Sujet : [CSIRT DOCAPOST] : Incident description

2.8 Public key's and encryption information

The CSIRT-DOCAPOST current PGP key may be obtained by sending a request by mail for that at cert-fr[@]laposte.fr or is avaible on :

• PGP DOCAPOST directory
• PGP MIT directory

   Key ID : 0xE93BA775
   Fingerprint : 5209 9E34 2D35 ADAF 3CEF 026C 4E8F 0E31 E93B A775

2.9 Team members

• The team consists of five people.
• The team consists of IT security analysts.
• No personal information is indicated in this document

2.10 Other information

2.11 Points of customer contact

The CSIRT of DOCAPOST prefers to receive incident reports via e-mail. Please use our cryptographic keys above to ensure integrity and confidentiality. CSIRT DOCAPOST's hours of operation are restricted to regular business hours

07:00-20:00 Monday to Friday, all year long.

3. Charter

3.1 Mission statement

The CSIRT of DOCAPOST's mission is to coordinate and investigate IT security incident response for the Group DOCAPOST. The CSIRT of DOCAPOST will investigate any security incident that may involve a DOCAPOST Group subsidiarie or DOCAPOST as a source or target of an attack or any cyber-threat.

3.2 Constituency

Our constituency are composed of DOCAPOST Group and all subsidiaries.

3.3 Sponsorship and/or affiliation

The CSIRT of DOCAPOST is the Computer Security Incident Response Team (CSIRT) for the Group DOCAPOST. His funding is provided by the DOCAPOST Group.

3.4 Authority

The CSIRT of DOCAPOST coordinate security incidents concerning our constituency.

4. Policies

4.1 Types of incidents and level of support

The CSIRT of DOCAPOST addresses all kinds of security incidents which occur, or threaten to occur, within its constituency.

The level of support depends on the type and severity of the given security incident.

4.2 Co-operation, interaction and disclosure of information

The DOCAPOST CSIRT's will exchange all necessary information with other CSIRT's as well as with other affected parties if they are involved in the incident or incident response process.

No incident or vulnerability related information will be given to other persons. French law enforcement personnel requesting information in the course of a criminal investigation will be given the requested information within the limits of the court order and the criminal investigation, if they present a valid court order from a French court.

4.3 Communication and authentication

All e-mails sent to the CSIRT of DOCAPOST should be signed using PGP. All e-mails containing confidential information should be encrypted and signed using PGP. Information received in encrypted form should not be stored permanently in unencrypted form.

For other communication, a phone call, postal service, or unencrypted e-mail may be used. The CSIRT of DOCAPOST supports the Information Sharing Traffic Light Protocol (TLP).

5. Services

5.1 Incident response

The team offers the following services :

• Incident analysis
• Incident response support
• Incident response coordination
• Vulnerability response coordination

5.2 Proactive activities

The team offers the following services :

• Intrusion detection services

5.3 Reactive activities

The team offers the following services :

• Awareness building

6. Incident reporting forms

We do not have an incident reporting form. Please report security incidents via encrypted e-mail to csirt@docapost.fr

DOCAPOST CSIRT not have an incident reporting form. Please report security incidents via encrypted e-mail to DOCAPOST CSIRT mail contact

Incident reports should contain the following information:

• Incident date and time (including time zone)
• Source IPs, ports, and protocols
• Destination IPs, ports, and protocols
• Incident type
• And any relevant information

7. Disclaimers

This document is provided 'as is' without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

If you notice any mistakes within this document please send a message to us by e-mail. We will try to resolve such issues as soon as possible.