Merge pull request #6 from internet2/v1.6

V1.6

docs/index.html

@@ -445,8 +445,8 @@ <h2 id="_internet2_trust_and_identity_services_incident_handling_framework">Inte
 <div class="sectionbody">
 <div class="paragraph">
 <p><strong>Prepared by:</strong> Nicholas Roy, Director of Technology and Strategy, InCommon/Internet2 Trust and Identity Services<br>
-<strong>Version:</strong> 1.5<br>
-<strong>Date:</strong> September 26, 2019</p>
+<strong>Version:</strong> 1.6<br>
+<strong>Date:</strong> February 17, 2020</p>
 </div>
 <div class="paragraph">
 <p><strong>Document Title: Internet2 Trust and Identity Services Security Incident Handling Framework</strong><br>
@@ -457,11 +457,11 @@ <h2 id="_internet2_trust_and_identity_services_incident_handling_framework">Inte
 <strong>Publication Date: UPDATE</strong><br>
 <strong>Sponsor: Vice President, Internet2 Trust and Identity Services</strong><br>
 <strong>Superseded documents: None</strong><br>
-<strong>Proposed future review date: September 5, 2021</strong><br>
+<strong>Proposed future review date: February 17, 2022</strong><br>
 <strong>Subject tags: security, incident, trust, identity, incommon, services</strong></p>
 </div>
 <div class="paragraph">
-<p><strong>© 2019 Internet2</strong><br>
+<p><strong>© 2020 Internet2</strong><br>
 <strong>This work is licensed under a <a href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License.</a></strong></p>
 </div>
 <div class="sect2">
@@ -554,6 +554,13 @@ <h3 id="_change_log">Change Log</h3>
 <td class="tableblock halign-left valign-top"><p class="tableblock">1.5</p></td>
 <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td>
 </tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Draft</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Added information about PGP key usage</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">February 17, 2020</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">1.6</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td>
+</tr>
 </tbody>
 </table>
 <div style="page-break-after: always;"></div>
@@ -639,7 +646,7 @@ <h3 id="_initial_contactnotification_and_triage">Initial Contact/Notification an
 <p><strong><em>Inquiries from any law enforcement agency regarding a security incident, including formal legal process such as subpoenas and warrants, must be directed to the General Counsel of Internet2.</em></strong></p>
 </div>
 <div class="paragraph">
-<p><strong>DO NOT</strong> communicate any sensitive information via these channels.  Internet2 staff will set up a secure communications channel with you, if need be, after your initial request is received</p>
+<p>You can use InCommon&#8217;s PGP public key to encrypt sensitive information you send to us via email. Information on this key is available at: <a href="https://incommon.org/incident-reponse/">https://incommon.org/incident-reponse/</a>. <strong>DO NOT</strong> send sensitive information in unecrypted email.</p>
 </div>
 <div class="paragraph">
 <p>The CSIRT will accept, evaluate and reply (when necessary and deemed appropriate) to valid submissions as soon as possible, but in no event later than 24 hours after receipt of the notice.</p>
@@ -1052,7 +1059,7 @@ <h3 id="_appendix_b_acknowledgements">Appendix B: Acknowledgements</h3>
 </div>
 <div id="footer">
 <div id="footer-text">
-Last updated 2019-09-26 15:39:11 -0600
+Last updated 2020-02-17 14:29:12 -0700
 </div>
 </div>
 </body>

main.adoc

@@ -3,8 +3,8 @@
 == Internet2 Trust and Identity Services Incident Handling Framework
 
 *Prepared by:* Nicholas Roy, Director of Technology and Strategy, InCommon/Internet2 Trust and Identity Services +
-*Version:* 1.5 +
-*Date:* September 26, 2019
+*Version:* 1.6 +
+*Date:* February 17, 2020
 
 
 
@@ -16,10 +16,10 @@
 *Publication Date: UPDATE* +
 *Sponsor: Vice President, Internet2 Trust and Identity Services* +
 *Superseded documents: None* +
-*Proposed future review date: September 5, 2021* +
+*Proposed future review date: February 17, 2022* +
 *Subject tags: security, incident, trust, identity, incommon, services*
 
-*© 2019 Internet2* +
+*© 2020 Internet2* +
 *This work is licensed under a https://creativecommons.org/licenses/by/4.0/[Creative Commons Attribution 4.0 International License.]*
 
 === Change Log
@@ -36,7 +36,8 @@
 |Publication|Revisions to fix typos and add document repository information|February 27, 2018|1.2|Nicholas Roy
 |Draft|Support other InCommon services|July 15, 2019|1.3|Nicholas Roy
 |Draft|Changed from InCommon to Internet2 Trust and Identity Services|September 5, 2019|1.4|Nicholas Roy
-|Draft|Added language about who can declare an incident|September 26, 2019|1.5|Nicholas Roy|
+|Draft|Added language about who can declare an incident|September 26, 2019|1.5|Nicholas Roy
+|Draft|Added information about PGP key usage|February 17, 2020|1.6|Nicholas Roy|
 |===
 
 <<<
@@ -89,7 +90,7 @@ Any party may make the CSIRT aware of a relevant security incident or disclosure
 
 *_Inquiries from any law enforcement agency regarding a security incident, including formal legal process such as subpoenas and warrants, must be directed to the General Counsel of Internet2._*
 
-*DO NOT* communicate any sensitive information via these channels.  Internet2 staff will set up a secure communications channel with you, if need be, after your initial request is received
+You can use InCommon's PGP public key to encrypt sensitive information you send to us via email. Information on this key is available at: https://incommon.org/incident-reponse/[https://incommon.org/incident-reponse/]. *DO NOT* send sensitive information in unecrypted email.
 
 The CSIRT will accept, evaluate and reply (when necessary and deemed appropriate) to valid submissions as soon as possible, but in no event later than 24 hours after receipt of the notice.