Develop the SIRTFI Trust Framework specification, which defines basic security incident response capabilities to which member organizations can self-assert compliance.
This initial draft is intended to be a simplified framework that lays the groundwork for how such an approach should be defined. Significant effort will be needed to understand how this might be deployed in the existing R&E FIM environment.
Sirtfi v1.0 approved by the REFEDS steering committee and published.
Metadata extensions confirmed Guide for Federation Participants
Sirtfi added to IANA assurance profiles registry. https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml
Establish the means by which member organisations in all R&E federations can indicate their compliance with the SIRTFI Trust Framework, how they can be contacted to participate in a coordinated response to a federated security incident.
Define the roles and responsibilities of the various parties in managing federated security incidents, information sharing guidelines, tools, procedures, and templates.
Metadata Guide for Federation Participants
Moodle training course for Sirtfi developed under AARC
Two annual table top exercises
GN4-2 will support tools for maintaining security contacts and monitoring adherence.
Survey and analysis of tool usage are in IR Communication Tools folder within the Sirtfi WG folder. The WG concluded that it is unrealistic to expect IR teams already using such tools within their domains to switch or use additional tools.
The Sirtfi+ Registry concept was developed and pilot implementation occurred through the Geant incubator task. Interest in this work by its sponsors waned.
The eduGAIN Security Incident Response Handbook was developed in partnership with the eduGAIN Security Team.
Several incident response templates were developed. These have been suggested as starting points for use by the eduGAIN Security Team.
Table top testing has been taken up by the Security Communications Challenge Coordination Joint Working Group.
Establish the means for proactive notification of an account compromise when it can be expected to produce a substantial impact to an at-risk SP organisation.
IETF security events work was reviewed. Comparison to MISP became apparent. There is slow movement in several countries to broaden MISP deployment for conveying IoCs between organizations, driven by their security communities. Interim conclusion is that if the WG should undertake some action, it should be to reinforce the MISP uptake.
Sirtfi version 2
Sirtfi version 2.
Struck "Develop tools to help IdPs identify accounts that have been used to access specified SPs." as being unrealistic and of low value.
It was decided that responsiveness testing is better addressed by eduGAIN and individual R&E federations. Cf. Recommendation 1.1 of the eduGAIN Futures report.
It was decided that the huge effort required to implement an automated IETF security events infrastructure across R&E federation members globally would be better applied towards larger objectives, like Baseline Expectations. Further, as federated entities rely increasingly on commercial systems, those systems would need to be modified to integrate with such an infrastructure, a prospect considered to be unlikely.
Mailing list archive: https://www.terena.org/mail-archives/sirtfi/threads.html. has been migrated to https://lists.refeds.org/sympa/info/sirtfi. Join the SIRTFI list at: https://lists.refeds.org/sympa/info/sirtfi.