Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Security Incident Response For Global Federation

From: "Milford, Kim" <kmilford () IU EDU>
Date: Tue, 12 Dec 2017 15:06:35 +0000
Dear Colleagues,

 

REN-ISAC [1] and InCommon [2], alongside international partners, strongly
urge federation participants to be ready to manage federation-related
security incidents. Here's how.

 

 <https://refeds.org/sirtfi> SIRTFI [3] is an international framework for
federated security incident response. It specifies a means to publish your
readiness for incident response in federation metadata. This framework asks
that each federation entity, ie, Identity and Service Providers, contain
security contact information in its federation metadata; that normal
security incident response procedures associated with it reasonably address
the statements in the SIRTFI specification; and if so, that a SIRTFI tag is
attached to the entity. 

 

InCommon recently made self-management of the security contact and SIRTFI
flag available in its Federation Manager portal. Participant Site
Administrators can now manage SIRTFI status for all systems that are part of
the Federation. Please ask them to ensure that your security contact
information is correctly expressed in federation metadata and to set the
SIRTFI flag if you believe that your security incident response procedures
reasonably meet the statements in the SIRTFI specification. Step-by-step
instructions are
<https://spaces.internet2.edu/display/InCFederation/Asserting+SIRTFI> here.

 

Academic collaborations, cloud services, and other uses depend on sensitive
resources, such as unique instruments, software, high performance data
processing environments, and corpi of data, being accessible through global
federation. Most InCommon participants are home to faculty, students, and
staff that need to use these services to be successful in their endeavors.
Please help them to succeed by being prepared to manage a federated security
incident that could otherwise threaten valuable resources. 

 

Kim Milford

Executive Director, REN-ISAC

InCommon Technical Advisory Committee

                                                                 

Kevin Morooney

Vice President Trust & Identity Services, Internet2

 

[1] www.renisac.net 

[2]  <http://www.incommon.org> www.incommon.org 

[3]  <https://refeds.org/sirtfi> https://refeds.org/sirtfi

Attachment: smime.p7s
Description:

Previous By Date Next
Previous By Thread Next

Current thread: