1. About this document

Post CSIRT profile established according to RFC 2350

Version: 1
Date: Tue, 23 Feb 2021 16:00:00 +0100
Author: csirt@post.at
1.1 Date of Last Update
Date: Mon, 22 Mar 2021 11:00:00 +0100

1.2 Distribution List for Notifications

There are no distribution/mailing lists defined for the notification about updates to this document.
1.3 Locations where this document may be found
The current version of this Post CSIRT description document is available at: https://post.at/rfc2350

2. Contact Information
2.1 Name of the Team

Post CSIRT: Computer Security Incident Response Team of Österreichische Post AG
2.2 Address
Österreichische Post AG
Rochusplatz 1
1030 Vienna
2.3 Time Zone
Central Europe Time (UTC+0100, UTC+0200 from last Sunday
in March to last Sunday in October)
2.4 Telephone Number
+43 664 6247117

2.5 Facsimile Number
2.6 Other Telecommunication
2.7 Electronic Mail Address
2.8 Public Keys and Encryption Information
Post CSIRT uses a master signing key to sign all keys used for operational purposes. Do NOT use it for communication with Post CSIRT. The master signing key is: 

pub   rsa4096/F110B051 2021-03-04 [SC] [expires: 2043-03-06]
      F159 0843 4C29 3290 52BB B806 89A1 982B F110 B051
uid           Master Signing Key <signing-only-key-no-mail@post.at>
sub   rsa4096 2021-03-04 [E] [expires: 2043-03-06]

Encrypted communication to Post CSIRT is possible with the following team key:

pub   rsa4096/1C1D2AC3 2021-03-04 [SC] [expires: 2033-03-04]

      4576 747B 6918 5E46 3B53 7535 8518 4032 1C1D 2AC3
uid           Post CSIRT <csirt@post.at>
sub   rsa4096 2019-02-25 [E] [expires: 2033-03-04]

Encrypted communications with Post CSIRT should use this – and only this-operational key.

2.9 Team Members
No information is provided in public.
2.10 Other Information
Post CSIRTs e-mail address is csirt(at)post.at. This is the preferred channel for reporting incidents and communication with Post CSIRT 
If it is not possible or appropriate, you can reach Post CSIRT via telephone (see Ch. 2.4)

Post CSIRT's hours of operation are our regular business hours
(09:00-16:00 Monday to Friday except public holidays).
3. Charter
3.1 Mission Statement
The Post CSIRT is the contact for technical issues in information security of Österreichische Post AG.
The goal of the Post CSIRT is the mitigation of security issues affecting the Österreichische Post AG.

3.2 Constituency
Post CSIRT’s services are available to Österreichische Post AG and their network/datacenter affiliated companies or subsidiaries.

Austrian Post CSIRT has authority over ASN AS206322.

3.3 Sponsorship and/or Affiliation
Post CSIRT is located at IT department of Österreichische Post AG Headquarter. Post CSIRT is part of and funded by Österreichische Post AG
3.4 Authority
In case of security incidents (see Ch. 4.1), Post CSIRT cooperates with representatives of its constituency (see Ch. 3.2).

Post CSIRT is in charge of proactive and reactive IT security measures within Österreichische Post AG.
4. Policies
4.1 Types of Incidents and Level of Support
Post CSIRT is authorized to address computer security
incidents which occur in its constituency (cf.
4.2 Co-operation, Interaction and Disclosure of Information
Post CSIRT cooperates with the relevant public authorities and regulatory bodies.
The Post CSIRT cooperates at national level with other CERTs(CERT.at).

Post CSIRT does not disclose any internal information related to its constituency.
4.3 Communication and Authentication
For normal communication not containing sensitive information Post CSIRT will use conventional methods like unencrypted e-mail or fax.

For secure communication PGP-Encrypted e-mail will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust or by other methods like call-back, mail-back or even face-to-face meeting if necessary.

5. Services
5.1 Incident Response

Post CSIRT coordinates incident prevention, handling and response within its constituency.
5.1.1 Incident Triage

- Determine wether an incident is authentic
- Assessing and prioritizing the incident
- Determine the involved applications and departments

5.1.2 Incident Coordination

- Contact involved departments and ask them to investigate and take appropriate mitigation steps
- Notify other departments if appropriate
- Facilitating contact to other parties which can help resolve the incident
- Send reports to other CERTs if appropriate

5.1.3 Incident Resolution

Advise local security teams on appropriate actions

- Follow up on the progress of the concerned local security teams
- Ask for reports
- Report back
Post CSIRT collects statistics about incidents within its constituency.

5.2 Proactive Activities

Post CSIRT provides the following proactive services:

 - Maintain contact information of local security teams
 - Raise security awareness in its constituency
 - Publish announcements concerning serious security threats to its constituency
 - Observe current trends in technology
 - Distribute relevant knowledge to the constituency
 - Vulnerability management within its constituency

6. Incident Reporting Forms 

No specific requirements.

7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, Post CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained therein.