The SIRTFI group is looking at processes for expressing security incident handling requirements as an assurance profile for federations, and at other requirements needed to effectively deploy and enhance incident response processes for federated identity management (FIM). This wiki page details information relating to that work.
The work of this group has been divided into three main phases:
Phase | Description | Work Items | Status |
---|---|---|---|
Phase 1 | Develop the SIRTFI Trust Framework specification, which defines basic security incident response capabilities to which member organizations can self-assert compliance. This initial draft is intended to be a simplified framework that lays the groundwork for how such an approach should be defined. Significant effort will be needed to understand how this might be deployed in the existing R&E FIM environment. | | SIRTFI Consultation: Framework Sirtfi v1.0 approved by the REFEDS steering committee and published. Metadata extensions confirmed Guide for Federation Participants Sirtfi added to IANA assurance profiles registry. https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml |
Phase 2 | Establish the means by which member organisations in all R&E federations can indicate their compliance with the SIRTFI Trust Framework, how they can be contacted to participate in a coordinated response to a federated security incident. Define the roles and responsibilities of the various parties in managing federated security incidents, information sharing guidelines, tools, procedures, and templates. | | Will follow phase 1. Some work incorporated into AARC2 work plan. GN4-2 will support tools for maintaining security contacts and monitoring adherence. "Incident Response for R&E Federations" SIRTFI+ Registry Proof of Concept as GEANT T&I incubation project to be delivered to LIGO Homepage https://refeds.org/sirtfi Metadata Guide for Federation Participants Moodle training course for Sirtfi developed under AARC Two annual table top exercises |
Phase 3 | Establish the means for proactive notification of an account compromise when it can be expected to produce a substantial impact to an at-risk SP organisation. | | Will follow phase 2. |
Mailing list archive: the archive at https://www.terena.org/mail-archives/sirtfi/threads.html has been migrated to https://lists.refeds.org/sympa/info/sirtfi. Join the SIRTFI list at: https://lists.refeds.org/sympa/info/sirtfi.
Technical Training Wiki: SIRTFI Home
Security Contact Metadata Extension: Security Contact Metadata Extension Schema
Sirtfi Home Page (Public Facing): https://refeds.org/sirtfi
Google WG folder: https://drive.google.com/drive/folders/13EhgPxzLy4U6FMP_cVDaIbqju40hOhUR
SIRTFI has been presented at the following events:
Material | Audience | Format | Link |
---|---|---|---|
Benefits of Sirtfi | All | https://refeds.org/wp-content/uploads/2016/02/Why_Sirtfi.pdf | |
Technical changes | Fed Ops | Wiki | |
Outreach Package | Fed Ops | Wiki | Guide for Federation Operators#SampleOutreachLetterforFederationParticipants |
Steps to follow | Entities | Web Page | |
FAQs | Entities | Web Page | General: https://refeds.org/sirtfi/sirtfi-faqs |
Logo (to act as a trust mark on compliant sites) | Entities | Image | |
Sirtfi Framework Doc | All | PDF on Web Page | https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf |
Summary poster | All | Poster | |
Sirtfi emailer helper | End users | Web page | http://sirtfi.cern.ch |
Sirtfi Moodle Course | Entities | Moodle | https://e-academy.geant.org/moodle/ |