...
Phase | Description | Work Items | Status | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Phase 1 | Develop the SIRTFI Trust Framework specification, which defines basic security incident response capabilities to which member organizations can self-assert compliance. This initial draft is intended to be a simplified framework that lays the groundwork for how such an approach should be defined. Significant effort will be needed to understand how this might be deployed in the existing R&E FIM environment. |
|
SIRTFI Consultation: Framework Sirtfi v1.0 approved by the REFEDS steering committee and published. Metadata extensions confirmed Guide for Federation Participants Sirtfi added to IANA assurance profiles registry. https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml | ||||||||||||
Phase 2 | Establish the means by which member organisations in all R&E federations can indicate their compliance with the SIRTFI Trust Framework, how they can be contacted to participate in a coordinated response to a federated security incident. Define the roles and responsibilities of the various parties in managing federated security incidents, information sharing guidelines, tools, procedures, and templates. |
|
Will follow phase 1. Some work incorporated into AARC2 work plan. GN4-2 will support tools for maintaining security contacts and monitoring adherence. SIRTFI+ Registry Proof of Concept as GEANT T&I incubation project to be delivered to LIGO
Homepage https://refeds.org/sirtfi Metadata Guide for Federation Participants Moodle training course for Sirtfi developed under AARC Two annual table top exercises | ||||||||||||
Phase 3 | Establish the means for proactive notification of an account compromise when it can be expected to produce a substantial impact to an at-risk SP organisation. |
|
Will follow phase 2. |
...