1. Document Information
This document complies with RFC 2350.
1.1. Date of Last Update
This is version 1.3.4 as of May 4, 2020
1.2. Distribution List for Notifications
This profile is kept up-to-date in the location specified in section 1.3.
E-mail notification of updates are sent to NORDUnet CERT management and investigators.
Please send any questions about updates to the NORDUnet CERT team e-mail address: cert@nordu.net
1.3. Locations where this Document May Be Found
The current version of this profile is always available at NORDUnet CERT RFC 2350 Profile
2. Contact Information
2.1 Name of the Team
Full name: NORDUnet CERT Computer Emergency Response Team.
Short name: NORDUnet CERT
2.2. Addresses
2.2.1 Mail address
NORDUnet CERT
NORDUnet A/S
Kastruplundgade 22
DK-2770 Kastrup
Denmark
2.2.2 Visiting address
NORDUnet CERT
Kastruplundgade 22
DK-2770 Kastrup
Denmark
2.3. Time Zone
CET/CEST
2.4. Telephone Number
NORDUnet CERT regular telephone number: +45 32 46 25 00
NORDUnet CERT emergency telephone number: +45 31 62 14 03
2.5. Facsimile Number
NORDUnet CERT facsimile number: +45 45 76 23 66
2.6. Other Telecommunication
Not applicable.
2.7. Electronic Mail Address
Please send incident reports that relate to NORDUnet, including copyright issues, spam and abuse to abuse@nordu.net
For encrypted communication cert@nordu.net should be used, see further below.
2.8. Public Keys and Encryption Information
Please encrypt any sensitive e-mail with the NORDUnet CERT PGP key with PGP keyed 7370267F and PGP fingerprint E8D9 5672 3B11 06A0 0519 F9EB 2815 77BD 7370 267F and send it to cert@nordu.net
Please sign messages using a key that is verifiable using the public keyservers. Because all NORDUNET CERT investigators can read mail encrypted with the cert@nordu.net key, individuals can use it if they cannot find a key for a specific NORDunet CERT team member.
2.9. Team Members
No public information is provided about NORDUnet CERT team members.
2.10. Other Information
Further information about the NORDUnet CERT can be found at NORDUnet CERT
NORDUnet CERT is “Certified” by the Trusted Introducer (TI) since 1 June 2016 and has been registered as “TI Accredidited CERT” since 31 Aug 2000; see https://www.trusted-introducer.org/teams/nordunet-cert.html for details. NORDUnet CERT is a member of Forum for Incident Response and Security Teams (FIRST); see https://www.first.org/members/teams/nordunet for details.
2.11. Points of Customer Contact
The preferred method for contacting NORDUnet CERT is e-mail.
- For general inquiries, please send e-mail to: cert@nordu.net
- For abuse or security issues, please use abuse@nordu.net
- For network, server, or service issues, please use noc@nordu.net
- In an emergency, contact NORDUnet CERT on +45 31 62 14 03
NORDUnet CERT’s hours of operation are generally restricted to regular business hours, or 09:00 to 17:00 Monday to Friday except Danish public holidays.
3. Charter
3.1. Mission Statement
The NORDUnet CERT mission is to:
- Keep informed of new security threats and vulnerabilities
- Respond promptly and when IT security incident’s occur within the NORDUnet mgt services.
- Cooperate and coordinate with CERT’s and any relevant stakeholders that have specific tasks in the field of information security.
- Act as NORDUnet’s point of contact for equivalent services in other countries, and develop cooperation and information exchanges with them
3.2. Constituency
NORDUnet serves its own infrastructure and its member organisations where applicable.
The NORDUnet AS-number is: 2603
3.3. Sponsoring Organisation / Affiliation
NORDUnet CERT operates with the authority delegated by NORDUnet.
3.4. Authority
NORDUnet CERT operates under the auspices of the NORDUnet members and the supervision of the NORDUnet management.
4. Policies
4.1. Types of Incidents and Level of Support
All incidents classified in CERT – Security Severity Guidelines
4.2. Co-operation, Interaction, and Disclosure of Information
NORDUnet CERT strives to closely collaborate with the NREN and CSIRT community to protect the infrastructure and data of NORDUnet and its members. Only data that is required to resolve from the specific incident are disclosed to concerned parties (need to know). NORDUnet CERT provide means to support encryption and integrity of data that is submitted to or disclosed by NORDUnet CERT
When reporting an incident of sensitive nature, please state so explicitly by using an appropriate label in the Subject field (for example, SENSITIVE, EMERGENCY, etc.) and if possible, use encryption as well.
NORDUnet CERT supports the Information Sharing Traffic Light Protocol (ISTLP; see https://www.first.org/tlp/ ; information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.
4.3. Communication and Authentication
See section 2.8; usage of PGP in all cases where sensitive information is involved is highly recommended.
5. Services
5.1. Incident Response (Triage, Coordination, and Resolution)
NORDUnet CERT can assist system administrators in handling the technical and organizational aspects of computer security incidents.
6. Incident Reporting Forms
Not available; please report using e-mail. When reporting an incident of sensitive nature use encrypted e-mail.
7. Disclaimers
None.
