From de9487ae090162857fde0c3f60f58aeba2e89489 Mon Sep 17 00:00:00 2001 From: nckroy Date: Mon, 15 Jul 2019 11:59:35 -0600 Subject: [PATCH] Updated to generify, v.1.3 --- main.adoc | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/main.adoc b/main.adoc index 419eb36..62a16a4 100644 --- a/main.adoc +++ b/main.adoc @@ -3,23 +3,23 @@ == InCommon Federation Security Incident Handling Framework *Prepared by:* Nicholas Roy, Director of Technology and Strategy, InCommon + -*Version:* 1.2 + -*Date:* February 27, 2017 +*Version:* 1.3 + +*Date:* July 15, 2019 *Document Title: InCommon Security Incident Handling Framework* + -*Repository ID: TI.100.1* + -*DOI: 10.26869/TI.100.1* + -*Persistent URL: http://doi.org/10.26869/TI.100.1* + +*Repository ID: OBTAIN NEW* + +*DOI: OBTAIN NEW* + +*Persistent URL: OBTAIN NEW* + *Authors: Nicholas Roy* + -*Publication Date: January 30, 2017* + +*Publication Date: UPDATE* + *Sponsor: InCommon Steering Committee* + *Superseded documents: None* + -*Proposed future review date: March 1, 2019* + -*Subject tags: federation, trust, incommon* +*Proposed future review date: August 1, 2021* + +*Subject tags: security, incident, trust, incommon, services* -*© 2018 Internet2* + +*© 2019 Internet2* + *This work is licensed under a https://creativecommons.org/licenses/by/4.0/[Creative Commons Attribution 4.0 International License.]* === Change Log @@ -34,6 +34,7 @@ |Prepublication|Added governing language reference|January 19, 2017|1.0|Nicholas Roy |Publication|Revisions from Internet2 General Counsel|January 30, 2017|1.1|Nicholas Roy |Publication|Revisions to fix typos and add document repository information|February 27, 2018|1.2|Nicholas Roy +|Draft|Support other InCommon services|July 15, 2019|1.3|Nicholas Roy| |=== <<< 
@@ -43,7 +44,7 @@ === Table of Contents -InCommon Federation Security Incident Handling Framework + +InCommon Security Incident Handling Framework + Table of Contents + Governing Language + Mission Statement of InCommon CSIRT + @@ -62,6 +63,7 @@ Appendix A: Foundational Documents + Appendix B: Acknowledgements + === Governing Language +WARNING: We likely need different governing language to make this apply beyond the federation, since this references the FEDERATION OPP. The InCommon Federation Operating Policies and Practices [1] document states, as of July, 2016: @@ -75,7 +77,7 @@ _If InCommon suspects any compromise or negligence on the part of a Participant, InCommon’s Computer Security Incident Response Team (CSIRT) is a group of identified individuals working at Internet2 and in the community, assigned specific roles, and chartered to respond to security incidents related to InCommon’s trust, identity and security-related services so that they may be relied upon by InCommon participants for mission-critical and security-sensitive operations on an ongoing basis. To that end, the InCommon CSIRT will: * Receive information about security-related threats to InCommon infrastructure -* Receive information about security-related threats to InCommon participants’ federating systems +* Receive information about security-related threats to relevant aspects of InCommon participants’ systems * Assess the risk of such threats * Develop response and remediation plans where appropriate to address these threats * Execute, with the possible addition of needed external resources, incident response according to a documented incident handling framework 
@@ -96,7 +98,7 @@ Any party may make InCommon’s CSIRT aware of a relevant security incident or d *_Inquiries from any law enforcement agency regarding a security incident, including formal legal process such as subpoenas and warrants, must be directed to the General Counsel of Internet2._* -*DO NOT* communicate any sensitive information via these channels. InCommon Federation staff will set up a secure communications channel with you, if need be, after your initial request is received +*DO NOT* communicate any sensitive information via these channels. InCommon staff will set up a secure communications channel with you, if need be, after your initial request is received InCommon’s CSIRT will accept, evaluate and reply (when necessary and deemed appropriate) to valid submissions as soon as possible, but in no event later than 24 hours after receipt of the notice. 
@@ -142,7 +144,7 @@ To be in scope for action by InCommon’s CSIRT, mitigation of the incident must An incident or disclosure which has compromised, or may lead to the compromise of, systems or services that affect one or more of: . InCommon Operations or its upstream or third-party providers (for example, cloud hosting providers, multifactor authentication providers, etc.) on which its operations depend. -. The systems or services of an InCommon Participant relevant to federation participation, such as Identity Provider or Service Provider software or related cryptographic materials. +. The systems or services of an InCommon Participant relevant to their InCommon participation, such as Identity Provider or Service Provider software or related cryptographic materials. . Any other operational aspect of InCommon’s trust services. are deemed to be in-scope for InCommon’s incident handling processes and should be assessed for nature and criticality before any further actions are taken. If an incident is not in-scope, it will be documented and handed off to the appropriate party (internal to or external to InCommon) for further assessment and handling.
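Review bot: The header hunk (@@ -3,23 +3,23 @@) commits unresolved placeholders as document metadata: `*Repository ID: OBTAIN NEW*`, `*DOI: OBTAIN NEW*`, `*Persistent URL: OBTAIN NEW*` and `*Publication Date: UPDATE*`. The v1.2 identifiers (TI.100.1 and its DOI URL) are removed in the same change, so this revision has no resolvable identifier a participant could use to confirm which version of the incident handling framework they are reading. Keep the existing identifiers until the new ones are issued, or hold the metadata lines back until the values exist. The `federation` subject tag is also dropped even though the document still covers federation incidents; consider keeping it alongside the new `security, incident, services` tags.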
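Review bot: The new Change Log row in hunk @@ -34,6 +34,7 @@ ends with a trailing `|` (`...|1.3|Nicholas Roy|`), while the existing rows end at the author cell. In an AsciiDoc table every `|` opens a cell, so this row gets a sixth, empty cell and will misalign the table or trigger an incomplete-row warning. Drop the trailing pipe so the row matches the others.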
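Review bot: The Table of Contents entry in hunk @@ -43,7 +44,7 @@ is renamed to `InCommon Security Incident Handling Framework`, but the section heading shown as unchanged context in the first hunk still reads `== InCommon Federation Security Incident Handling Framework`. Rename the heading in the same change so the title, the Document Title line and the Table of Contents agree.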
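Review bot: The `WARNING:` line added under `=== Governing Language` in hunk @@ -62,6 +63,7 @@ is an open editorial question written into the body of the document, and it flags a real gap: the governing language that follows still cites only the Federation Operating Policies and Practices, so the text gives no stated basis for the CSIRT to act on incidents in other InCommon services. Resolve the governing language before this leaves Draft, or move the question to an issue or an AsciiDoc comment so it cannot ship in a published version. If it stays for now, reword it without the all-caps `FEDERATION OPP` and name the document the way the next paragraph does.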
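Review bot: The reworded bullet in hunk @@ -75,7 +77,7 @@, `relevant aspects of InCommon participants’ systems`, replaces a concrete scope ("federating systems") with one that depends on an undefined "relevant". For a CSIRT mission statement this leaves reporters and responders without a test for what threat information the team accepts. Tie it to the in-scope list later in the document, for example by saying relevant to the participant's use of InCommon services, so the two sections define scope the same way.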
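Review bot: The changed sentence in hunk @@ -96,7 +98,7 @@ still ends without a period (`...after your initial request is received`). Since the line is being touched anyway, add the terminal period so the instruction about not sending sensitive information over the initial contact channels reads as a complete sentence.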
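Review bot: In hunk @@ -142,7 +144,7 @@ the scope item is broadened to `relevant to their InCommon participation`, but its examples remain federation-only (`Identity Provider or Service Provider software or related cryptographic materials`). A reader deciding whether an incident in another InCommon service is in scope gets no guidance from this list. Add at least one example for the non-federation services this revision is meant to cover, or state that the examples are not exhaustive. Also, `their` refers to the singular `an InCommon Participant`; "relevant to that Participant's InCommon participation" avoids the ambiguity.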