CSIRT RFC 2350
1. About this document Post CSIRT profile established according to RFC 2350 Version: 1 Date: Tue, 23 Feb 2021 16:00:00 +0100 Author: csirt@post.at 1.1 Date of Last Update Date: Mon, 22 Mar 2021 11:00:00 +0100 1.2 Distribution List for Notifications There are no distribution/mailing lists defined for the notification about updates to this document. 1.3 Locations where this document may be found The current version of this Post CSIRT description document is available at: https://post.at/rfc2350 2. Contact Information 2.1 Name of the Team Post CSIRT: Computer Security Incident Response Team of Österreichische Post AG 2.2 Address Österreichische Post AG Rochusplatz 1 1030 Vienna AUSTRIA 2.3 Time Zone Central Europe Time (UTC+0100, UTC+0200 from last Sunday in March to last Sunday in October) 2.4 Telephone Number +43 664 6247117
2.5 Facsimile Number None. 2.6 Other Telecommunication None. 2.7 Electronic Mail Address csirt(at)post.at 2.8 Public Keys and Encryption Information Post CSIRT uses a master signing key to sign all keys used for operational purposes. Do NOT use it for communication with Post CSIRT. The master signing key is:
pub rsa4096/F110B051 2021-03-04 [SC] [expires: 2043-03-06] F159 0843 4C29 3290 52BB B806 89A1 982B F110 B051 uid Master Signing Key <signing-only-key-no-mail@post.at> sub rsa4096 2021-03-04 [E] [expires: 2043-03-06]
Encrypted communication to Post CSIRT is possible with the following team key:
pub rsa4096/1C1D2AC3 2021-03-04 [SC] [expires: 2033-03-04] 4576 747B 6918 5E46 3B53 7535 8518 4032 1C1D 2AC3 uid Post CSIRT <csirt@post.at> sub rsa4096 2019-02-25 [E] [expires: 2033-03-04]
Encrypted communications with Post CSIRT should use this – and only this-operational key.
2.9 Team Members No information is provided in public. 2.10 Other Information Post CSIRTs e-mail address is csirt(at)post.at. This is the preferred channel for reporting incidents and communication with Post CSIRT If it is not possible or appropriate, you can reach Post CSIRT via telephone (see Ch. 2.4) Post CSIRT's hours of operation are our regular business hours (09:00-16:00 Monday to Friday except public holidays). 3. Charter 3.1 Mission Statement The Post CSIRT is the contact for technical issues in information security of Österreichische Post AG. The goal of the Post CSIRT is the mitigation of security issues affecting the Österreichische Post AG. 3.2 Constituency Post CSIRT’s services are available to Österreichische Post AG and their network/datacenter affiliated companies or subsidiaries. Austrian Post CSIRT has authority over ASN AS206322. 3.3 Sponsorship and/or Affiliation Post CSIRT is located at IT department of Österreichische Post AG Headquarter. Post CSIRT is part of and funded by Österreichische Post AG 3.4 Authority In case of security incidents (see Ch. 4.1), Post CSIRT cooperates with representatives of its constituency (see Ch. 3.2). Post CSIRT is in charge of proactive and reactive IT security measures within Österreichische Post AG. 4. Policies 4.1 Types of Incidents and Level of Support Post CSIRT is authorized to address computer security incidents which occur in its constituency (cf. 3.2) 4.2 Co-operation, Interaction and Disclosure of Information Post CSIRT cooperates with the relevant public authorities and regulatory bodies. The Post CSIRT cooperates at national level with other CERTs(CERT.at). Post CSIRT does not disclose any internal information related to its constituency. 4.3 Communication and Authentication For normal communication not containing sensitive information Post CSIRT will use conventional methods like unencrypted e-mail or fax. For secure communication PGP-Encrypted e-mail will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust or by other methods like call-back, mail-back or even face-to-face meeting if necessary.
5. Services 5.1 Incident Response Post CSIRT coordinates incident prevention, handling and response within its constituency. 5.1.1 Incident Triage - Determine wether an incident is authentic - Assessing and prioritizing the incident - Determine the involved applications and departments 5.1.2 Incident Coordination - Contact involved departments and ask them to investigate and take appropriate mitigation steps - Notify other departments if appropriate - Facilitating contact to other parties which can help resolve the incident - Send reports to other CERTs if appropriate 5.1.3 Incident Resolution Advise local security teams on appropriate actions - Follow up on the progress of the concerned local security teams - Ask for reports - Report back Post CSIRT collects statistics about incidents within its constituency.
5.2 Proactive Activities Post CSIRT provides the following proactive services: - Maintain contact information of local security teams - Raise security awareness in its constituency - Publish announcements concerning serious security threats to its constituency - Observe current trends in technology - Distribute relevant knowledge to the constituency - Vulnerability management within its constituency 6. Incident Reporting Forms No specific requirements.
7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, Post CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained therein.