RFC2350

De Docaposte Cyberdéfense
Révision datée du 20 avril 2020 à 13:15 par Scarpentier (discussion | contributions)
(diff) ← Version précédente | Voir la version actuelle (diff) | Version suivante → (diff)
Aller à : navigation, rechercher

Description of CSIRT DOCAPOST

1. Document Information


This document contains a description of CSIRT DOCAPOST according to RFC 2350. It provides information about the Computer Security Incident Response Team, how to contact the team, and describes its responsibilities and the services offered by the CSIRT DOCAPOST.


1.1 Document revision

  • This version has been updated at 10/05/2018 13:35
  • This original version was published at 12/02/2018 14:53


1.2 Distribution list for notifications

  • There is no distribution list for notifications.


1.3 Locations where this document may be found

QRCode CSIRT URL RFC2350.png.png

The current version of this document can be found at:
https://csirt.docapost.fr/RFC2350_CSIRT_DOCAPOST.pdf

1.4 Document authenticity

  • This document can be retrieved from only this site, using TLS/SSL also signed by the PGP certificate of CSIRT DOCAPOST.
The signature of the file : 
https://csirt.docapost.fr/RFC2350_CSIRT_DOCAPOST.pdf.sig

2. Contact information


This section describes how to contact the CSIRT DOCAPOST


2.1 Name of the Team

  • CSIRT DOCAPOST (C.O.S.C: Centre Opérationnel de Sécurité et de Cyberdéfense)
  • Short name : CSIRT-DOCAPOST


The DOCAPOST-CSIRT Team's is supported by :

Logo-laposte.png

  • Computer Emergency Response Team - La Poste
  • Short name : CERT La Poste
  • Accredited since 27 Mar 2015

Ti-logo.jpg


2.2 Address

CERT La Poste
DISIT/SLCC (CISRT-DOCAPOST)
5 rue Rene Viviani
44263 Nantes cedex 2


2.3 Time Zone

  • CEST / Central European Summer Time


2.4 Telephone Number


2.5 Facsimile Number

Fax : +33 (0) 234 092 746


2.6 Other Telecommunication

  • None


2.7 Electronic Mail Address

525949434995.png

cert-fr[@]laposte.fr
Sujet : [CSIRT DOCAPOST] : Incident description


2.8 Public key's and encryption information

The CSIRT-DOCAPOST current PGP key may be obtained by sending a request by mail for that at cert-fr[@]laposte.fr or is avaible on :


   Key ID : 0xE93BA775
   Fingerprint : 5209 9E34 2D35 ADAF 3CEF 026C 4E8F 0E31 E93B A775


2.9 Team members

  • The team consists of five people.
  • The team consists of IT security analysts.
  • No personal information is indicated in this document


2.10 Other information

QRCode CSIRT URL.png

2.11 Points of customer contact

The CSIRT of DOCAPOST prefers to receive incident reports via e-mail. Please use our cryptographic keys above to ensure integrity and confidentiality. CSIRT DOCAPOST's hours of operation are restricted to regular business hours

07:00-20:00 Monday to Friday, all year long.

3. Charter


Within this section the CSIRT DOCAPOST mandate is described.


3.1 Mission statement

The CSIRT of DOCAPOST's mission is to coordinate and investigate IT security incident response for the Group DOCAPOST. The CSIRT of DOCAPOST will investigate any security incident that may involve a DOCAPOST Group subsidiarie or DOCAPOST as a source or target of an attack or any cyber-threat.


3.2 Constituency

Our constituency are composed of DOCAPOST Group and all subsidiaries.


3.3 Sponsorship and/or affiliation

The CSIRT of DOCAPOST is the Computer Security Incident Response Team (CSIRT) for the Group DOCAPOST. His funding is provided by the DOCAPOST Group.


3.4 Authority

The CSIRT of DOCAPOST coordinate security incidents concerning our constituency.

4. Policies


This section describes the policies of DOCAPOST CSIRT

4.1 Types of incidents and level of support

The CSIRT of DOCAPOST addresses all kinds of security incidents which occur, or threaten to occur, within its constituency.

The level of support depends on the type and severity of the given security incident.


4.2 Co-operation, interaction and disclosure of information

The DOCAPOST CSIRT's will exchange all necessary information with other CSIRT's as well as with other affected parties if they are involved in the incident or incident response process.

No incident or vulnerability related information will be given to other persons. French law enforcement personnel requesting information in the course of a criminal investigation will be given the requested information within the limits of the court order and the criminal investigation, if they present a valid court order from a French court.


4.3 Communication and authentication

All e-mails sent to the CSIRT of DOCAPOST should be signed using PGP. All e-mails containing confidential information should be encrypted and signed using PGP. Information received in encrypted form should not be stored permanently in unencrypted form.

For other communication, a phone call, postal service, or unencrypted e-mail may be used. The CSIRT of DOCAPOST supports the Information Sharing Traffic Light Protocol (TLP).

5. Services


This section describes the services the CSIRT DOCAPOST offers

5.1 Incident response

The team offers the following services :

  • Incident analysis
  • Incident response support
  • Incident response coordination
  • Vulnerability response coordination


5.2 Proactive activities

The team offers the following services :

  • Intrusion detection services


5.3 Reactive activities

The team offers the following services :

  • Awareness building

6. Incident reporting forms

We do not have an incident reporting form. Please report security incidents via encrypted e-mail to csirt@docapost.fr

DOCAPOST CSIRT not have an incident reporting form. Please report security incidents via encrypted e-mail to DOCAPOST CSIRT mail contact

Incident reports should contain the following information:

  • Incident date and time (including time zone)
  • Source IPs, ports, and protocols
  • Destination IPs, ports, and protocols
  • Incident type
  • And any relevant information

7. Disclaimers

This document is provided 'as is' without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

If you notice any mistakes within this document please send a message to us by e-mail. We will try to resolve such issues as soon as possible.