Who should I choose as my Sirtfi contact?
The purpose of this page is to assist you in selecting a Sirtfi contact for your entity. Your federation operators may provide valuable recommendations – be sure to liaise with them for guidance.
- The Sirtfi contact should be an individual or group who has agreed to perform the incident response obligations of the Sirtfi Framework on behalf of the entity
- Existing incident response structures, including CERTs, may be leveraged where available
- Correspondence sent to the Sirtfi contact must not be publicly archived
A flow chart has been provided to describe the thought process for choosing a Sirtfi contact.
Example Sirtfi contact choices
By liaising with your federation operators, you should be able to gauge which potential Sirtfi contact is best placed to be the initial point of contact during federated incident response. Consider the expertise, availability and mandate of candidates when making your decision. The table below provides some example choices of Sirtfi contact.
| Entity situation | Example Sirtfi contact |
| --- | --- |
| Entity in federation with centralised incident response support | External security team – Federation |
| Entity in e-infrastructure with centralised support | External security team – e-Infrastructure |
| Entity within organisation with federation aware security team | Organisation’s security team |
| Mature entity with security conscious entity support | Entity’s support team or individual |
| Small scale entity | Individual with appropriate knowledge |
What are the expectations on the Sirtfi contact?
The Sirtfi contact will:
- Use and respect the Traffic Light Protocol (TLP) during all incident response correspondence
- Promptly acknowledge receipt of a security incident report
- As soon as circumstances allow, investigate incident reports regarding resources, services, or identities for which they are responsible
Which information is required?
The following fields are mandatory for a Sirtfi contact:
Can additional information be included?
Additional fields, such as telephone numbers or secondary email addresses, may be added if desired. Only fields from the OASIS Standard for contactType may be added.
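One way to check the rule above before submitting metadata, as an added example that is not part of the original page or of any Sirtfi tooling. It assumes the Sirtfi contact is marked with the REFEDS `remd:contactType` security value and takes the permitted child elements and their order from the OASIS SAML 2.0 metadata schema; the function name and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
REMD = "http://refeds.org/metadata"
SECURITY = "http://refeds.org/metadata/contactType/security"
# Children of ContactType in the OASIS SAML 2.0 metadata schema, in schema order
ALLOWED = ["Extensions", "Company", "GivenName", "SurName", "EmailAddress", "TelephoneNumber"]
REPEATABLE = {"EmailAddress", "TelephoneNumber"}

def check_security_contacts(metadata_xml):
    """Return (entityID, problem) pairs for security contacts that use fields outside
    the OASIS ContactType, repeat a single-valued field, or break schema order."""
    problems = []
    for entity in ET.fromstring(metadata_xml).iter(f"{{{MD}}}EntityDescriptor"):
        eid = entity.get("entityID")
        for contact in entity.findall(f"{{{MD}}}ContactPerson"):
            if contact.get(f"{{{REMD}}}contactType") != SECURITY:
                continue  # not the security (Sirtfi) contact
            seen, last = set(), -1
            for child in contact:
                ns, _, name = child.tag.lstrip("{").rpartition("}")
                if ns != MD or name not in ALLOWED:
                    problems.append((eid, f"field not in OASIS ContactType: {name}"))
                    continue
                if name in seen and name not in REPEATABLE:
                    problems.append((eid, f"field may appear only once: {name}"))
                pos = ALLOWED.index(name)
                if pos < last:
                    problems.append((eid, f"field out of schema order: {name}"))
                seen.add(name)
                last = max(last, pos)
    return problems

# Constructed sample metadata: entity IDs, names, addresses and numbers are made up
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:remd="{REMD}" xmlns:x="urn:example:custom">
 <md:EntityDescriptor entityID="https://sp.example.org/good">
  <md:ContactPerson contactType="other" remd:contactType="{SECURITY}">
   <md:GivenName>Security Response Team</md:GivenName>
   <md:EmailAddress>mailto:security@example.org</md:EmailAddress>
   <md:EmailAddress>mailto:csirt@example.org</md:EmailAddress>
   <md:TelephoneNumber>+00 000 0000</md:TelephoneNumber>
  </md:ContactPerson></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org/bad">
  <md:ContactPerson contactType="other" remd:contactType="{SECURITY}">
   <md:EmailAddress>mailto:ops@example.org</md:EmailAddress>
   <md:GivenName>Ops</md:GivenName>
   <x:ChatHandle>@ops</x:ChatHandle>
  </md:ContactPerson></md:EntityDescriptor>
</md:EntitiesDescriptor>"""
```

The check covers element names, repetition and order only; it is not a full schema validation and does not verify that the addresses are reachable.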