...
This document makes use of the Definitions described in the eduGAIN Constitution [eduGAIN-Constitution] and of the following additional ones:
Remove all the defintions already in eduGAIN Constitution.
| Word/Term | Definition |
|---|---|
| CSIRT | Computer Security Incident Response Team |
| eduGAIN | The eduGAIN inter-federation service connects identity federations around the world, simplifying access to content, services and resources for the global research and education community. |
| eSG | eduGAIN Steering Group, the governing body of eduGAIN. |
| eduGAIN stakeholder | eSG members, REFEDS members, NRENs, research and education community members. |
| Entity Security Contact | An entity mail address dedicated to security issues and incident response. It is recommended that the security contact is monitored by multiple individuals. |
Purpose and Responsibilities
...
The eduGAIN-CSIRT maintains a communication infrastructure to assure that all the relevant information is received by the relevant Federation Operators and Entities security contacts in eduGAIN. That the information is processed and needed response actions are carried out is the responsibility of the entity and the hosting federation(s)the Entity and respective Federation Operator Security Contacts.
Constituency
eduGAIN-CSIRT provides incident response coordination for the entities organized in the federations the Entities members of Identity Federations participating in eduGAIN.
...
The services described above are provided at least during business hours (9x5 CET/CEST) with 24-hour response, and outside business hours on a best-effort basis.
...
The Term of Office is unlimited.
Method of Appointment
The GEANT project appoints the eduGAIN-CSIRT Chair is appointed by the GEANT project.
Operating Procedures
The operation of eduGAIN-CSIRT will obey the eduGAIN Declaration and the eduGAIN Constitution and follow the procedures approved by the eSG. Any Stakeholder within eduGAIN stakeholder has the right to suggest new policies and procedures: such requests should be submitted to the eduGAIN Security Officer. The decision whether to accept this request or not request will be discussed within the eduGAIN CSIRT and decision will be recorded in the minutes of the meeting and feedback will be provided to the original requestor.
Communications and Meetings
All the members of the Group eduGAIN-CSIRT must subscribe to the eduGAIN-CSIRT mailing list (edugain-support-sec-team@lists.geant.org)
and should use it as the primary written communication channel. To allow for low latency communications, the team may community communicate using end-to-end encrypted instant messaging channels provided all end-points have been pre-authenticated during a face-to-face validation.
...