-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Computer Emergency Response Team - Agenzia per l'Italia Digitale CERT-AGID - Italy RFC 2350 Profile 1. About this document This document contains the description of the "CERT Agenzia per l'Italia Digitale", or briefly "CERT-AGID", (formerly CERT-PA) according to RFC 2350 (http://www.rfc-base.org/txt/rfc-2350.txt). 1.1 Date of Last Update This is version 2.0, published 2020/05/06. 1.2 Distribution List for Notifications None available. 1.3 Locations where this Document May Be Found The current version of this document is available from the CERT-AGID web site at https://cert-agid.gov.it/download 1.4 Authentication of this Document This document has been signed with the CERT-AGID PGP public key. 1.5 Revision History V1.0: first release. V2.0: transition from CERT-PA to CERT-AGID. 2. Contact Information 2.1 Name of the Team Official name: "CERT Agenzia per l'Italia Digitale" Short name: "CERT-AGID" 2.2 Address CERT-AGID Agenzia per l'Italia Digitale Viale Liszt, 21 I-00144 Roma (Italy) 2.3 Time Zone CET - Central Europe (GMT+0100, and GMT+0200 from the last Sunday of March to the last Sunday of October). 2.4 Telephone Number +39 06 85264800 2.5 Facsimile Number None available. 2.6 Other Telecommunication None available. 2.7 Electronic Mail Address info@cert-agid.gov.it 2.8 Public Keys and Encryption Information CERT-AGID supports PGP/GPG encryption. The PGP/GPG public key for CERT-AGID is available on the official website of CERT-AGID. Key ID: 928F85DF96EB6F09 Fingerprint: 270E 2AAD 920C 4FD2 2BB2 264A 928F 85DF 96EB 6F09 2.9 Team Members The Head of CERT-AGID is the Director of the "Systems, Technologies and Information Security" area of the "Agenzia per l'Italia Digitale (AgID)" (Agency for Digital Italy), under which the CERT-AGID is established and operated. 2.10 Other Information General information about CERT-AGID (in Italian) can be found on its official web site: https://cert-agid.gov.it/ 2.11 Points of Customer Contact The preferred method for contacting CERT-AGID is via email at the address ; the mailbox is checked from Monday to Friday 09:00 – 18:00, except during Italian public holidays. The use of PGP/GPG is required while sending confidential or sensitive information. If it is not possible (or not advisable for security reasons) to use e-mail, the CERT-AGID can be reached by telephone during regular office hours (09:00-18:00 Monday to Friday except holidays). 3. Charter 3.1 Mission Statement The CERT-AGID operates on a voluntary and not mandatory base. Its purposes are: - to address the cyber security needs of the Italian Public Administrations - to coordinate the public sectors' CERT's and SOC's activities - to cooperate with CSIRT Italia to achieve the national security objectives 3.2 Constituency The Constituency of CERT-AGID is the community of the Italian Public Administrations and Institutions excluding Law Enforcement and Military. 3.3 Legislation The CERT-AGID operates under the general regulatory framework defined by the "DPCM 24 gennaio 2013" which assigns to the "Agenzia per l'Italia Digitale" a relevant role within the National Cybersecurity Framework. 3.4 Authority CERT-AGID is operated by and within the "Agenzia per l'Italia Digitale" (Agency for Digital Italy) of the Italian Presidency of the Council of the Ministers. 4. Policies 4.1 Types of Incidents and Level of Support CERT-AGID is responsible for addressing all types of computer security incidents occurring within its constituency. The level of support given by CERT-AGID will vary according to the severity of the incident and the CERT-AGID's resources at the time. Every effort will be made to return a response within one working day. CERT-AGID expects that the system administrators and/or security operators of the sites involved in security incidents will cooperate in the resolution of the problem. No direct support will be given to end-users, as they are expected to contact their own system administrators. CERT-AGID is also committed to keeping its constituency informed of potential vulnerabilities, possibly before they are actively exploited. 4.2 Co-operation, Interaction and Disclosure of Information CERT-AGID cooperates and interacts with other organizations which operate in the field of cyber security, both at the national and international level. CERT-AGID guarantees that all information will be handled according to the current Italian and European legislation, and ensures the confidentiality of its sources to the largest possible extent. CERT-AGID will share with other interested parties the information it receives, anonymized if possible, in order to solve or prevent security incidents and/or to handle specific security issues. CERT-AGID may also possibly share or publish statistics related to the number of threat alerts and/or incidents, ensuring the confidentiality of its sources and providing only aggregate data and/or anonymous information. 4.3 Communication and Authentication Telephone and unencrypted e-mail are considered sufficient for the transmission of low-sensitivity data. PGP encryption is required for exchanging high-sensitivity data. 5. Services 5.1 Incident Response CERT-AGID will help system administrators of nodes belonging to its constituency in handling computer security incidents to the extent possible depending on its resources. In particular CERT-AGID will provide assistance or advice with respect to the following aspects of incident management: - investigating the nature and extent of the incident; - determining the initial cause (e.g. vulnerability exploited); - keeping contacts with other sites involved; - reporting to other CSIRTs; - helping in removing the vulnerability. 5.2 Proactive Activities CERT-AGID provides to its consituency the following proactive services to the extent possible depending on its resources: - Announcements - Security-related information dissemination - Technology watch - Trend and neighbourhood watch - Information Security Intelligence - Information Security Risk Management 5.3 Reactive Activities CERT-AGID provides to its constituency the following reactive services to the extent possible depending on its resources: - Alerts and warnings - Forensic analysis - Incident analysis - Incident response support - Incident response coordination - Vulnerability response coordination - Anti Phishing, Anti Spam, Anti Malware 6. Incident Reporting Forms At present CERT-AGID does not provide any Incident Response Form on its public Web site. Incident reports must be sent via (possibly encrypted) e-mail. When reporting incidents please provide as much information as possible, and specify the level of confidentiality of information sent (whether public domain or not). TLP protocol is accepted and enforced. In case of absence of this information, CERT-AGID will assume that the information received is in the public domain and may act accordingly. Do not send malicious code or other attachments via e-mail without having previously agreed with CERT-AGID the mode of transmission. 7. Disclaimers While every precaution will be taken in the preparation of information, notification and alerts, CERT-AGID assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within. -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQnDiqtkgxP0iuyJkqSj4XflutvCQUCXuOZJAAKCRCSj4Xflutv CU4dAQDRbQ/xa2772G3ofzcQrBoyN7u9hGt7k921jDOf1NN98wEAmx52G3Jb/Z9F q16ou+/oq0a7WXS0bSj+0hlDKusYiwA= =+7o5 -----END PGP SIGNATURE-----