RFC2350

De Docaposte Cyberdéfense
Révision datée du 13 février 2018 à 17:49 par Scarpentier (discussion | contributions) (1. Document Information)
Aller à : navigation, rechercher

CSIRT Description for CSIRT-DOCAPOST

1. Document Information

This document contains a description of CSIRT DOCAPOST according to RFC 2350. It provides information about the Computer Security Incident Response Team, how to contact the team, and describes its responsibilities and the services offered by the CSIRT DOCAPOST.


1.1 Document revision

* This original version was published at 2018-02-12

1.2 Distribution List for Notifications

* There is no distribution list for notifications.

1.3 Locations where this document may be Found

* The current version of this document can be found at: https://csirt.docapost.fr/RFC2350_CSIRT_DOCAPOST.pdf

1.4 Document Authenticity

* This document can be retrieved from our webserver using TLS/SSL also signed by the CERT PGP certificate.

2. Contact Information

This section describes how to contact the CSIRT DOCAPOST.

2.1 Name of the Team

  • CSIRT DOCAPOST (Cellule Cyberdéfense)
  • Short name : CSIRT DOCAPOST

2.2 Address

CSIRT DOCAPOST / SERES 
20 Rue Dieumegard
93400 St Ouen - FRANCE

2.3 Time Zone CEST / Central European Summer Time,

2.4 Telephone Number +33 1 58 50 58 00

2.5 Facsimile Number None available.

2.6 Other Telecommunication None.

2.7 Electronic Mail Address cert@caissedesdepots.fr

2.8 Public Keys and Encryption Information Our current PGP-Key may be obtained by sending a request by mail for that at cert@caissedesdepots.fr 

   Key ID : 0xF9F77E0B
   Fingerprint : EB18 DE0D DAAF F860 3B55 F233 4C91 6CBF F9F7 7E0B

2.9 Team Members The Team leader is Tom Pineau. The team consists of IT security analysts.

2.10 Other Information The CERT-CDCFR Portal is available at: https://cert.caissedesdepots.fr

2.11 Points of Customer Contact CERT-CDCFR prefers to receive incident reports via e-mail. Please use our cryptographic keys above to ensure integrity and confidentiality. CERT-CDCFR's hours of operation are restricted to regular business hours (09:00-18:00 Monday to Friday), all year long.

3. Charter Within this section our mandate is described.

3.1 Mission Statement CERT-CDCFR's mission is to coordinate and investigate IT security incident response for the French Group: Caisse des Dépots. The CERT-CDCFR will investigate any security incident that may involve the CDC group entity as a source or target of an attack or any cyber-threat.

3.2 Constituency Our constituency are composed of Caisse des Dépôts Group and all subsidiaries.

3.3 Sponsorship and/or Affiliation CERT-CDCFR is the Computer Security Incident Response Team (CSIRT) for the Group Caisse des Dépots. Funding is provided by the group Caisse des Dépots.

CERT-CDCFR wish to be accredited at TF-CSIRT and member of National French Network (interCERT-FR).

3.4 Authority We coordinate security incidents concerning our constituency.

4. Policies This section describes our policies.

4.1 Types of Incidents and Level of Support CERT-CDCFR addresses all kinds of security incidents which occur, or threaten to occur, within its constituency.

The level of support depends on the type and severity of the given security incident, the amount of affected entities within our constituency, and our resources at the time. Usually our first response comes on the same working day during working hours, if not it will be on the following working day.

4.2 Co-operation, Interaction and Disclosure of Information

CERT-CDCFR will exchange all necessary information with other CSIRTs as well as with other affected parties if they are involved in the incident or incident response process.

No incident or vulnerability related information will be given to other persons. French law enforcement personnel requesting information in the course of a criminal investigation will be given the requested information within the limits of the court order and the criminal investigation, if they present a valid court order from a French court.

4.3 Communication and Authentication

All e-mails sent to the CERT CDCFR should be signed using PGP. All e-mails containing confidential information should be encrypted and signed using PGP. Information received in encrypted form should not be stored permanently in unencrypted form.

For other communication, a phone call, postal service, or unencrypted e-mail may be used. CERT-CDCFR supports the Information Sharing Traffic Light Protocol (TLP).

5. Services This section describes the services CERT-CDCFR offers.

5.1 Incident Response The team offers the following services : - Incident analysis - Incident response support - Incident response coordination - Vulnerability response coordination

5.2 Proactive Activities The team offers the following services : - Intrusion detection services

5.3 Reactive Activities The team offers the following services : - Awareness building

6. Incident Reporting Forms

We do not have an incident reporting form. Please report security incidents via encrypted e-mail to cert@caissedesdepots.fr.

Incident reports should contain the following information: 

   Incident date and time (including time zone)
   Source IPs, ports, and protocols
   Destination IPs, ports, and protocols
   And any relevant information

7. Disclaimers

This document is provided 'as is' without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

If you notice any mistakes within this document please send a message to us by e-mail. We will try to resolve such issues as soon as possible.
Récupérée de « https://csirt.docapost.fr/index.php?title=RFC2350&oldid=520 »