Close this search box.
Close this search box.


The NORDUnet Computer Emergency Response Team (CERT) performs security incident handling in cooperation with the CERT’s of the Nordic national research and education networks.

1. Document Information

This document complies with RFC 2350.

1.1. Date of Last Update

This is version 1.3.4 as of May 4, 2020

1.2. Distribution List for Notifications

This profile is kept up-to-date in the location specified in section 1.3.
E-mail notification of updates are sent to NORDUnet CERT management and investigators.
Please send any questions about updates to the NORDUnet CERT team e-mail address:

1.3. Locations where this Document May Be Found

The current version of this profile is always available at NORDUnet CERT RFC 2350 Profile


2. Contact Information

2.1 Name of the Team

Full name: NORDUnet CERT Computer Emergency Response Team.
Short name: NORDUnet CERT

2.2. Addresses
2.2.1 Mail address

Kastruplundgade 22
DK-2770 Kastrup

2.2.2 Visiting address

Kastruplundgade 22
DK-2770 Kastrup

2.3. Time Zone


2.4. Telephone Number

NORDUnet CERT regular telephone number: +45 32 46 25 00
NORDUnet CERT emergency telephone number: +45 31 62 14 03

2.5. Facsimile Number

NORDUnet CERT facsimile number: +45 45 76 23 66

2.6. Other Telecommunication

Not applicable.

2.7. Electronic Mail Address

Please send incident reports that relate to NORDUnet, including copyright issues, spam and abuse to

For encrypted communication should be used, see further below.

2.8. Public Keys and Encryption Information

Please encrypt any sensitive e-mail with the NORDUnet CERT PGP key with PGP keyed 64A8DC9A and PGP fingerprint 44CF 46BF 8DC8 64CA EF91  D966 D91A 49C7 64A8 DC9A and send it to

Please sign messages using a key that is verifiable using the public keyservers. Because all NORDUNET CERT investigators can read mail encrypted with the key, individuals can use it if they cannot find a key for a specific NORDunet CERT team member.

2.9. Team Members

No public information is provided about NORDUnet CERT team members.

2.10. Other Information

Further information about the NORDUnet CERT can be found at NORDUnet CERT

NORDUnet CERT is “Certified” by the Trusted Introducer (TI) since 1 June 2016 and has been registered as “TI Accredidited CERT” since 31 Aug 2000; see for details. NORDUnet CERT is a member of Forum for Incident Response and Security Teams (FIRST); see for details.

2.11. Points of Customer Contact

The preferred method for contacting NORDUnet CERT is e-mail.

  • For general inquiries, please send e-mail to:
  • For abuse or security issues, please use
  • For network, server, or service issues, please use
  • In an emergency, contact NORDUnet CERT on +45 31 62 14 03

NORDUnet CERT’s hours of operation are generally restricted to regular business hours, or 09:00 to 17:00 Monday to Friday except Danish public holidays.


3. Charter

3.1. Mission Statement

The NORDUnet CERT mission is to:

  • Keep informed of new security threats and vulnerabilities
  • Respond promptly and when IT security incident’s occur within the NORDUnet mgt services.
  • Cooperate and coordinate with CERT’s and any relevant stakeholders that have specific tasks in the field of information security.
  • Act as NORDUnet’s point of contact for equivalent services in other countries, and develop cooperation and information exchanges with them
3.2. Constituency
NORDUnet serves its own infrastructure and its member organisations where applicable.
Organisation partners include SUNET, Sikt, RHnet, DeiC and FUNET.
3.3. Sponsoring Organisation / Affiliation

NORDUnet CERT operates with the authority delegated by NORDUnet.

3.4. Authority

NORDUnet CERT operates under the auspices of the NORDUnet members and the supervision of the NORDUnet management.

4. Policies
4.1. Types of Incidents and Level of Support

All incidents classified in CERT – Security Severity Guidelines

Critical2 Hours
MajorNext business day
Minor5 business days
Low10 business days

4.2. Co-operation, Interaction, and Disclosure of Information

NORDUnet CERT strives to closely collaborate with the NREN and CSIRT community to protect the infrastructure and data of NORDUnet and its members. Only data that is required to resolve from the specific incident are disclosed to concerned parties (need to know). NORDUnet CERT provide means to support encryption and integrity of data that is submitted to or disclosed by NORDUnet CERT

When reporting an incident of sensitive nature, please state so explicitly by using an appropriate label in the Subject field (for example, SENSITIVE, EMERGENCY, etc.) and if possible, use encryption as well.
NORDUnet CERT supports the Information Sharing Traffic Light Protocol (ISTLP; see ; information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.

4.3. Communication and Authentication

See section 2.8; usage of PGP in all cases where sensitive information is involved is highly recommended.

5. Services

5.1. Incident Response (Triage, Coordination, and Resolution)

NORDUnet CERT can assist partnering CERT’s in handling the technical and organisational aspects of computer security incidents.


6. Incident Reporting Forms

Not available; please report using e-mail. When reporting an incident of sensitive nature use encrypted e-mail.

7. Disclaimers


Contacting the Nordic national CERT teams

DK-CERT, email

RHnet CERT, email


Sikt CERT, email


Contacting the NORDUnet CERT

You can contact the NORDUnet CERT by email to

Response time:
2 Hours
Next business day
5 business days
10 business days