IPZS Computer Security Incident Response Team POLI-CERT RFC 2350 PROFILE 1. Document Information This document contains a description of POLI-CERT, according to RFC 2350. 1.1 Version Version 1.0 Release date Oct 30, 2019. 1.2 Distribution List None. 1.3 Location of the document The current and updated version of this document is available on the IPZS website https://www.cert.ipzs.it 2. Contact Information 2.1 Name CERT Poligrafico e Zecca dello Stato Italiano Short name: POLI-CERT 2.2 Mailing Address CERT Poligrafico e Zecca dello Stato Italiano c/o CYPSEC Via Salaria, 691 - 00138 - Rome, Italy 2.3 Time zone Central Europe (UTC+0100) and during Daylight Saving Time (UTC+0200) from the last Sunday of March to the last Sunday of October. 2.4 Telephone number +39 06 85083200 2.6 Other telecommunication None. 2.7 Electronic mail address cert[at]ipzs.it Messages sent to this address can be read by all members of the POLI-CERT team. 2.8 Public keys and encryption -----BEGIN PGP PUBLIC KEY BLOCK----- PGP/GPG is supported for secure communication. POLI-CERT has a public PGP/GPG key for cert@ipzs.it which is available at the usual public key servers such as https://keys.ipzs.it PGP/GPG Key: ID:0xB0381068 FINGERPRINT: 97BD 3D49 7BF0 CAB2 10EC E348 56F6 FF06 B606 D0CF -----END PGP PUBLIC KEY BLOCK----- 2.9 Team members POLI-CERT operates inside the 'Cyber Security' Unit. 2.10 Operating Hours POLI-CERT operates H24x7. 2.11 Additional Contact Info The best method to contact POLI-CERT is by email: cert[at]ipzs.it Additional contact info are available to select members of the Constituency, or any other entity directly working with POLI-CERT. 3. Charter 3.1 Mission Statement The main purpose of POLI-CERTis to prevent, identify and respond to cyber and physical events and incidents. This is done coordinating the inside teams activity and constantly reporting to the CEO, CSO and the Board of Directors. 3.2 Constituency IPZS is the IT partner of the Italian Ministry of Finance (MEF), and POLI-CERT operates in coordination with it. 3.3 Authority IPZS and POLI-CERT operate within specific contracts and agreements with their customers. 4. Policies 4.1 Types of Incidents and Level of Support All the efforts of POLI-CERT are to respond as quickly as possible, and within one hour from the first notification. The POLI-CERT personnel operates in a 24H 7/7 mode, and one team member is always available any time of the day. 4.2 Co-operation, Interaction and Disclosure of Information 4.3 Communication and Authentication Usually the information handled by POLI-CERT can be communicated via phone calls or email messages. Anyway, if there are personal data or specific vulnerabilities involved, we use a GPG encrypted message. 5. Services 5.1 Incident Response POLI-CERT main service is to respond to cyber events and incidents, that is done with specific procedures with the following steps: - Triage - Coordination - Resolution - Recovery 5.2 Proactive Activities As a way to prevent incidents, POLI-CERT offers specific services to identify menaces and risks to IPZS infrastructure. In detail: - Information provision (Lessons learned) - Monitoring and intelligence services - Bulletins and alerts 5.3 Reactive Activities POLI-CERT provides the following services: - Awareness and training sessions 6. Incident Reporting Forms POLI-CERT doesn't provide a form to report incidents. Any information must be provided via email (cert[at]ipzs.it) or calling POLI-CERT phone number during business hours. Any kind of sensitive information, vulnerability disclosure or malicious material must be sent only after contacting POLI-CERT first, and always by an encrypted communication using POLI-CERT public GPG Key, provided in the 2.8 paragraph. 7. Disclaimers Even if every precaution it taken when preparing and publishing bullettins, alerts and notifications, POLI-CERT shall not be deemed responsible for mistakes, omissions or damages resulting from the use of those information.