Skip to content

Commit

Permalink
Added info on PGP key
Browse files Browse the repository at this point in the history
  • Loading branch information
nckroy committed Feb 17, 2020
1 parent a8dfd45 commit 24a458c
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions main.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@
== Internet2 Trust and Identity Services Incident Handling Framework

*Prepared by:* Nicholas Roy, Director of Technology and Strategy, InCommon/Internet2 Trust and Identity Services +
*Version:* 1.5 +
*Date:* September 26, 2019
*Version:* 1.6 +
*Date:* February 17, 2020



Expand All @@ -16,10 +16,10 @@
*Publication Date: UPDATE* +
*Sponsor: Vice President, Internet2 Trust and Identity Services* +
*Superseded documents: None* +
*Proposed future review date: September 5, 2021* +
*Proposed future review date: February 17, 2022* +
*Subject tags: security, incident, trust, identity, incommon, services*

2019 Internet2* +
2020 Internet2* +
*This work is licensed under a https://creativecommons.org/licenses/by/4.0/[Creative Commons Attribution 4.0 International License.]*

=== Change Log
Expand All @@ -37,6 +37,7 @@
|Draft|Support other InCommon services|July 15, 2019|1.3|Nicholas Roy
|Draft|Changed from InCommon to Internet2 Trust and Identity Services|September 5, 2019|1.4|Nicholas Roy
|Draft|Added language about who can declare an incident|September 26, 2019|1.5|Nicholas Roy|
|Draft|Added information about PGP key usage|February 17, 2020|1.6|Nicholas Roy|
|===

<<<
Expand Down Expand Up @@ -89,7 +90,9 @@ Any party may make the CSIRT aware of a relevant security incident or disclosure

*_Inquiries from any law enforcement agency regarding a security incident, including formal legal process such as subpoenas and warrants, must be directed to the General Counsel of Internet2._*

*DO NOT* communicate any sensitive information via these channels. Internet2 staff will set up a secure communications channel with you, if need be, after your initial request is received
*IF YOU HAVE A PGP KEY* You can use InCommon's PGP public key to encrypt sensitive information you send to us via email. Information on this key is available at: https://incommon.org/incident-reponse/[https://incommon.org/incident-reponse/]

*IF YOU DO NOT HAVE A PGP KEY, DO NOT* communicate any sensitive information via these channels. Internet2 staff will set up a secure communications channel with you, if need be, after your initial request is received

The CSIRT will accept, evaluate and reply (when necessary and deemed appropriate) to valid submissions as soon as possible, but in no event later than 24 hours after receipt of the notice.

Expand Down

0 comments on commit 24a458c

Please sign in to comment.