-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CSIRT Description for ComCERT.PL ================================ 1. About this document This document contains a description of ComCERT.PL according to RFC 2350. It provides basic information about the CERT, the ways it can be contacted, describes its responsibilities and the services offered. 1.1 Date of Last Update This is version 1.03, published at 2020-06-29 1.2 Distribution List for Notifications Notifications of updates are submitted to Trusted Introducer by e-mail: 1.3 Locations where this Document May Be Found The current version of this CSIRT description document is available from ComCERT.PL website at: https://www.comcert.pl/RFC2350.txt Please make sure you are using the latest version. 1.4 Authenticating this Document This document has been signed with GPG key and its authenticity can be verified with ComCERT.PL GPG key as published in 2.8 2. Contact Information 2.1 Name of the Team ComCERT.PL 2.2 Address ComCERT SA 13 Adama Branickiego Street 02-972 Warsaw Poland 2.3 Time Zone Central European Time (CET) - UTC+1 Central European Summer Time (CEST) - UTC+2 according to EU regulations (from the last Sunday of March to the last Sunday of October) 2.4 Telephone Number +48 22 1120683 2.5 Facsimile Number +48 22 1120684 (please note this is NOT a secure fax) 2.6 Other Telecommunication None available 2.7 Electronic Mail Address cert@comcert.pl 2.8 Public Keys and Other Encryption Information ComCERT.PL uses the GPG key: User ID: ComCERT SA Key ID: 0x225D4169 Key type: RSA Key size: 4096 Expires: never Fingerprint: 3638F438304BF950A832A2F6960BC5AC225D4169 This key can be received from directory servers or directly from our website: https://www.comcert.pl/cert.asc 2.9 Other Information General information about ComCERT.PL can be found at https://www.comcert.pl/en/ 2.10 Points of Customer Contact ComCERT.PL prefers to receive incident reports via e-mail. Please use our cryptographic keys above to ensure integrity and confidentiality ComCERT.PL's hours of operation are generally restricted to regular business hours (09:00-17:00 Monday to Friday except holidays). 3. Charter 3.1 Mission Statement Building the Customer's competence and capabilities in avoiding, identifying and mitigating the cyber threats and Customer support in the dealing with cyber threats. Contribute to the national cybersecurity efforts. 3.2 Constituency Our constituency consists of the institutions - private, public or governmental - who signed an agreement to use our incident management services. We continuously update our constituency according to the ASN, IP or domain data provided to us by our Customers. Additionally, we treat the whole .pl domain as the domain of our special interest for further distribution of information to relative parties in the private and public sectors in Poland. 3.3 Sponsorship and/or Affiliation ComCERT.PL is a private, self-funding entity. ComCERT.PL is affiliated within the Trusted Introducer (https://www.trusted-introducer.org/directory/teams/comcertpl.html) 3.4 Authority ComCERT.PL handles and coordinates incidents on behalf of its Customers and is bound by contractual terms. ComCERT.PL however is regularly expected to make recommendations during the incident handling process where parties affected are not ComCERT.PL's customers. 4. Policies 4.1 Types of Incidents and Level of Support All incidents are by default normal priority unless contractual arrangements prioritize them otherwise. Incidents handled as the contribution to the Society are therefore treated as normal priority regardless of the label attached to incident notification. It is ComCERT.PL's authority to decide whether increasing the priority to emergency is appropriate. 4.2 Co-operation, Interaction and Disclosure of Information ComCERT.PL declares that all information related to incidents handled is considered Confidential. Information evident to be sensitive or that may be harmful is handled only in a secure environment and encrypted in storage and in transit. When reporting an incident and providing sensitive information, please use encryption or contact ComCERT.PL to arrange different channel of secure communication. ComCERT.PL declares full support for the Information Sharing Traffic Light Protocol (https://www.trusted-introducer.org/ISTLPv11.pdf). Information sent in and labelled according to ISTLP will be handled appropriately. Information submitted to ComCERT.PL may be distributed on a need-to-know basis to trusted parties (such as ISPs, other CERT teams) for the sole purpose of incident handling. ComCERT.PL does not report incidents to the Law Enforcement Agencies unless required by the national law. ComCERT.PL cooperates with the LEAs only in the course of an official investigation or when instructed by a constituent to cooperate. 4.3 Communication and Authentication ComCERT.PL uses GPG encryption to ensure the confidentiality and integrity of communication. All sensitive information sent in should be encrypted. Messages regarding incidents are sent by ComCERT.PL staff signed with our main GPG key (see 2.8) and encrypted when containing a sensitive information. ComCERT.PL reserves the right to verify the authenticity of information or its source to the extent allowed by the law. 5. Services 5.1 Incident Response ComCERT.PL will assist organizations in handling the technical and organizational aspects of security incidents. ComCERT.PL's capabilities cover the full cycle of incident response - Preparation - Detection and Analysis - Containment, Eradication and Recovery - Lessons learned, Collected evidence analysis and Recommendation 5.2 Proactive Activities ComCERT.PL makes an efforts to enhance constituents immunity to security incidents and to limit the impact of incidents that occur. ComCERT.PL experts help organizations develop their own SOC teams, build incident management capabilities, including building own CSIRTs, and increase people's awareness. ComCERT.PL team takes active part in CERT community development by executing exercises, such as CERT GAMES or creating CERT Training materials in cooperation with ENISA. Detailed descriptions of the above services, along with other information are available on the ComCERT.PL web site as per section 2.10 above. 6. Incident Reporting Forms There are no specific forms developed for reporting incidents to ComCERT.PL 7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, ComCERT.PL assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEENjj0ODBL+VCoMqL2lgvFrCJdQWkFAl76FVYACgkQlgvFrCJd QWmdgw/+KBhKbrb16jU2x/EFjdIcoYPIEUIXQs496qY3FY7OV2qCTa+cmFrh6Ag2 07lw6spL/suDbf3BHWf1y1qrzW7w3/EnZK6I+qJIcX55D+pOd3GSovB0nhWZ3gww 239mC/jhJ/vA3+OetJI6R6c9842pGFl6aAzrBW/xYLoF3c5lAJcm+DLOvnlm/MdD nw0UoU/lEAjsgc8QlmyPh0SKrX0JEcSWvsSzXB2GRkwe9bD8aPk5E0ezCOXSfyW+ e3p72r3n7LcWWUeONowK/JxQmATZnw9+H0N08HIv1S5jt/y5p4XxHzRKxvTz6/Kd 0Y6+m4+mA8abW1eEKN1RFIaJFOHOV9zwkdOUbOIewdOvESw19QjnKBmeF7vkUKEv jO9hWRUBFfE9QG/fYHqY3Mtg2jSce1F9dKK0+vWmHLvGpc+pTBVemnxotggjGJcq iURMu8b3aljrUAxw151tL4s63045PA3Q6bsDj9S3f8Mk9oPvCa/eWxUBvIzG8dnW A5SRq2VSJwauM3L2rLAshWMIL/fKc7Q+2O8aMsKS7qNBOjDp9UiG2zmXI+vS7g0V 0r5i0d2STipHHSn2h+xwwMVhDLYG/DhqaivuKQPNj5T9hFOgBkTRLwD97WTF0KNh GGypvxnEBurSEjP1m89w0SjpqprHgqWQUjl/GIEuWxWVYhZl9/w= =Z/5+ -----END PGP SIGNATURE-----