...
Source | Proposal | Requirements |
---|---|---|
AARC report | Assist federation participants and Federation Security Incident Response Coordinator in performing appropriate investigation, system analysis and forensics, and strive to understand the cause of the security incident, as well as its full extent. Identifying the cause of security incidents is essential to prevent them from reoccurring. The time and effort needs to be commensurate with the scale of the problem and with the potential damage and risks faced by affected participants. |
|
AARC report | In collaboration with Federation Security Incident Response Coordinators, ensure all affected participants in all federations are notified via their security contact with a “heads-up” within one local working day. |
|
AARC report | Coordinate the security incident resolution process and communication with affected participants until the security incident is resolved. |
|
AARC report | Ensure suspension of service (if applicable) is announced in accordance with federation and interfederation practices. |
|
AARC report | Share additional information as often as necessary to keep all affected participants up-to-date with the status of the security incident and enable them to investigate and take action should new information appear. |
|
AARC report | Assist and advise participants in taking corrective action, or restoring access to service (if applicable) and legitimate user access. |
|
AARC report | Produce and share a report of the incident with all Sirtfi-compliant organisations in all affected federations within one month. This report should be labelled TLP AMBER [3] or higher. |
|
AARC report | Update documentation and procedures as necessary. |
|
General | Freshness of contact data |
|
General | GDPR compliance of supporting information sharing and appropriately expiring tickets. GDPR compliance of contact data. |
- AAI specific 15 |