...

Keep table top testing as not complete in the work plan until we can figure out how we'll know it's complete!

Phase | Description | Work Items | Status

Phase 1

Develop the SIRTFI Trust Framework specification, which defines basic security incident response capabilities to which member organizations can self-assert compliance.

This initial draft is intended to be a simplified framework that lays the groundwork for how such an approach should be defined. Significant effort will be needed to understand how this might be deployed in the existing R&E FIM environment.

  • Draft SIRTFI document for consultation.
  • Consultation to support development of public v1.0.
  • Decide whether IdP notification of compromised account belongs in v1.0 or will be slated for v2.0 in alignment with Phase 3 work.
  • Propose / finalise entity metadata schema for security contacts.
  • Propose / finalise entity attribute profile to signify adherence with Sirtfi public v1.0.

Status: Complete

SIRTFI Consultation: Framework

Sirtfi v1.0 approved by the REFEDS steering committee and published.

Metadata extensions confirmed: Guide for Federation Participants

Sirtfi added to IANA assurance profiles registry. https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml

Phase 2

Establish the means by which member organisations in all R&E federations can indicate their compliance with the SIRTFI Trust Framework, and how they can be contacted to participate in a coordinated response to a federated security incident.

Define the roles and responsibilities of the various parties in managing federated security incidents, information sharing guidelines, tools, procedures, and templates.

  • Produce educational and communication materials for REFEDS to promulgate to member R&E federations.
  • Promulgate educational and communication materials to help R&E federations to promote and support Sirtfi public v1.0 adoption.
  • Test incident response process and use of security contact metadata in simulated activity.
  • Implement processes by which to maintain and broadcast security contact information and Sirtfi trust framework adherence, outside standard federation metadata publication mechanisms.
  • Establish communication channels for security information exchange and incident report sharing.
  • Define incident response procedures for federations, including communication templates, and support the community in their adoption.
  • Implement metadata extension for security contact information.
  • Implement metadata profile to signify Sirtfi public v1.0 adherence.

Status: STARTED

Status: Complete

Homepage https://refeds.org/sirtfi

Metadata Guide for Federation Participants

Moodle training course for Sirtfi developed under AARC

Two annual table top exercises

GN4-2 will support tools for maintaining security contacts and monitoring adherence.

Survey and analysis of tool usage are in IR Communication Tools folder within the Sirtfi WG folder. The WG concluded that it is unrealistic to expect IR teams already using such tools within their domains to switch or use additional tools.

The Sirtfi+ Registry concept was developed and pilot implementation occurred through the Geant incubator task. Interest in this work by its sponsors waned.

The eduGAIN Security Incident Response Handbook was developed in partnership with the eduGAIN Security Team.

Several incident response templates were developed. These have been suggested as starting points for use by the eduGAIN Security Team.

Table top testing has been taken up by the Security Communications Challenge Coordination Joint Working Group.

Phase 3

Establish the means for proactive notification of an account compromise when it can be expected to have a substantial impact on an at-risk SP organisation.

  • Analyse suitability of existing identity event notification solutions such as IETF's Security Events to R&E federations, and potentially define and set up means for IdP organizations to issue events related to account compromises to SPs registered as at-risk.
  • Develop tools to help IdPs identify accounts that have been used to access specified SPs.
  • Define Sirtfi version 2 to include the requirement to notify affected participating organisations of security incidents.
  • Promote testing responsiveness of security contact information by federation operators or other parties.

Status: Pending

Sirtfi version 2.

Responsiveness testing.

Status: STARTED

IETF security events work was reviewed. A comparison with MISP emerged from that review. There is slow movement in several countries to broaden MISP deployment for conveying IoCs between organisations, driven by their security communities. The interim conclusion is that if the WG should undertake some action, it should be to reinforce MISP uptake.

A Sirtfi adoption survey was developed and used to gather data to take into account in developing version 2. Results are under consideration as of this update.

Status: Complete

Struck "Develop tools to help IdPs identify accounts that have been used to access specified SPs." as being unrealistic and of low value.

...