...
Phase | Description | Work Items | Status
---|---|---|---
Phase 1 | Develop the SIRTFI Trust Framework specification, which defines basic security incident response capabilities to which member organizations can self-assert compliance. This initial draft is intended to be a simplified framework that lays the groundwork for how such an approach should be defined. Significant effort will be needed to understand how this might be deployed in the existing R&E FIM environment. | | SIRTFI Consultation: Framework Sirtfi v1.0 approved by the REFEDS steering committee and published. Metadata extensions confirmed Guide for Federation Participants Sirtfi added to IANA assurance profiles registry. https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml
Phase 2 | Establish the means by which member organisations in all R&E federations can indicate their compliance with the SIRTFI Trust Framework and how they can be contacted to participate in a coordinated response to a federated security incident. Define the roles and responsibilities of the various parties in managing federated security incidents, information sharing guidelines, tools, procedures, and templates. | | Will follow phase 1. Some work incorporated into AARC2 work plan. GN4-2 will support tools for maintaining security contacts and monitoring adherence. "Incident Response for R&E Federations" SIRTFI+ Registry Proof of Concept as GEANT T&I incubation project to be delivered to LIGO. Homepage https://refeds.org/sirtfi Metadata Guide for Federation Participants Moodle training course for Sirtfi developed under AARC Two annual table top exercises
Phase 3 | Establish the means for proactive notification of an account compromise when it can be expected to produce a substantial impact to an at-risk SP organisation. | | Will follow phase 2.
Group Tools:
Mailing list archive: the archive at https://www.terena.org/mail-archives/sirtfi/threads.html has been migrated to https://lists.refeds.org/sympa/info/sirtfi. Join the SIRTFI list at: https://lists.refeds.org/sympa/info/sirtfi.
...
- https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf The published version of Sirtfi 1.0
- http://goo.gl/2xnf2G is the old working document for the framework on Google Docs.
- Proposed workplan.
- Sirtfi Normative Description: https://refeds.org/wp-content/uploads/2016/11/Sirtfi-certification-v1.0.pdf
- GN4 Sirtfi Interview Survey Report
- SIRTFI+ Registry Requirements
...
- FIM4R BoF at TNC2014.
- REFEDS, October 2014.
- FIM4R, CERN, February 2015.
- TechEx, Cleveland, October 2015
- FIM4R, EWTI, December 2015
- Kantara, Working Group Special meeting, April 2016
- Internet2 Webinar, May 2016
- TF-CSIRT, May 2016
- AARC Meeting, Incident Response, May 2016
- SWITCH ICT Focus, November 2016
- IAMOnline Europe, March 2017
- WISE, March 2017
- TNC17, May 2017
- DeIC Conference, September 2017
- TNC18, June 2018
- REFEDS @ TechEX, October 2018
- HOW19, March 2019
...
- 8th June 2014 in Amsterdam, Netherlands.
- Morning of 31st October 2014 in Indianapolis, Indiana.
- 17 June 2015, informal gathering during TNC 2015
- 6 October 2015, informal gathering during TechEx
- 28 September 2016, ACAMP Session
- 22nd February 2017, TIIME Workshop Session
Virtual Meetings:
- 1st October 2014 at 16.30 CEST via Skype.
- 29th January 2015 via Skype.
- 14th December 2015 via Vidyo, Consultation Feedback and Changes
- 25th January 2016 via Vidyo
- 18th April 2016 via Vidyo SIRTFI44958284
- 6th July 2016 via Vidyo SIRTFI44958284
- 9th August 2016 via Vidyo SIRTFI44958284
- 2nd November 2016 via Vidyo Sirtfi Normative Description Consultation Followup
- 9th Feb 2017 via Vidyo SIRTFI44958284
- 12th of July 2017 via Vidyo SIRTFI44958284
- 7th of August 2017 via Vidyo Sirtfi Call August 2017.pdf
- 2nd of October 2017 via Vidyo Sirtfi Call September 2017
- 4th of December 2017 via Vidyo Notes Sirtfi Call December 4th 16_00.pdf
- 29th of January 2018 via Bluejeans Sirtfi Registry Call 29_01_2018.pdf
- 14th of April 2018 via Bluejeans 20180412 Sirtfi WG call notes.pdf
- 28th April 2018 via Zoom 20180426 Sirtfi WG call notes.pdf
- 10th May 2018 via Zoom 20180510 Sirtfi WG call notes.pdf
- 24th May 2018 via Zoom 20180524 Sirtfi WG call notes.pdf
- 7th June 2018 via Zoom 20180607 Sirtfi WG call notes.pdf
- 21st June 2018 via Zoom 20180621 Sirtfi WG call notes.pdf
- 5th July 2018 via Zoom 20180705 Sirtfi WG call notes.pdf
- 2nd August 2018 via Zoom 20180802 Sirtfi WG call notes.pdf
- 16th August 2018 via Zoom 20180816 Sirtfi WG call notes.pdf
- 30th August 2018 via Zoom 20180830 Sirtfi WG call notes.pdf
- 27th September 2018 via Zoom 20180927 Sirtfi WG call notes.pdf
- 11th October 2018 via Zoom 20181011 Sirtfi WG call notes.pdf
- 25th October 2018 via Zoom 20181025 Sirtfi WG call notes.pdf
- 8th November 2018 via Zoom 20181108 Sirtfi WG call notes.pdf
- 6th December 2018 via Zoom 20181206 Sirtfi WG call notes.pdf
- 20th December 2018 via Zoom 20181220 Sirtfi WG call notes.pdf
- 17th January 2019 via Zoom 20190117 Sirtfi WG call notes.pdf
- 31 January 2019 via Zoom 20190131 Sirtfi call notes.pdf
- 28 February 2019 via Zoom 20190228 Sirtfi call notes .pdf
- 14 March 2019 via Zoom Sirtfi call notes 20190314.pdf
- 28 March 2019 via Zoom Sirtfi call notes 20190328.pdf
- 11 April 2019 via Zoom 20190411 Sirtfi call notes.pdf
- 25 April 2019 via Zoom 20190425 Sirtfi call notes.pdf
Calendar:
...
Material | Audience | Format | Link |
---|---|---|---|
Benefits of Sirtfi | All | https://refeds.org/wp-content/uploads/2016/02/Why_Sirtfi.pdf | |
Technical changes | Fed Ops | Wiki | |
Outreach Package | Fed Ops | Wiki | Guide for Federation Operators#SampleOutreachLetterforFederationParticipants |
Steps to follow | Entities | Web Page | |
FAQs | Entities | Web Page | General: https://refeds.org/sirtfi/sirtfi-faqs |
Logo (to act as a trust mark on compliant sites) | Entities | Image | |
Sirtfi Framework Doc | All | PDF on Web Page | https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf |
Summary poster | All | Poster | |
Sirtfi emailer helper | End users | Web page | http://sirtfi.cern.ch |
Sirtfi Moodle Course | Entities | Moodle | https://e-academy.geant.org/moodle/ |
...
- http://www.cic.net/docs/default-source/technology/federated_security_incident_response.pdf
- https://spaces.internet2.edu/display/InCFederation/Federated+Security+Incident+Response
- https://edms.cern.ch/file/428035/7/SecurityIncidentResponse-v3.2a.pdf
- https://stix.mitre.org/
- http://cybox.mitre.org
- http://maec.mitre.org/
- http://taxii.mitre.org/
- https://github.com/berggren/fordrop
- http://www.timesketch.org/
- https://community.ja.net/blogs/regulatory-developments/article/cleaning-after-botnets
- http://googleonlinesecurity.blogspot.com/2014/09/cleaning-up-after-password-dumps.html
- https://docs.google.com/a/google.com/presentation/d/1ivU3fVCjBBZrguCfgY237BAjZ3Rp_MRGtoh2dxVypds/edit?pli=1#slide=id.g24243b4f_044
- https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting