The National Education and Research Network (RNP) incorporated, this year, another international best practice for identity management promoted by REFEDS (Research and Education FEDerations group), which gathers and debates standards for all academic identity federations worldwide: SIRTFI.

SIRTFI (Security Incident Response Trust Framework to Federated Identity) is a framework that establishes a trusted network between the members of the various federated networks for handling security incidents, such as the Federated Academic Community (CAFe). The self-declaration occurs once the institution meets a number of safety requirements of this framework.

The SIRTFI model is a set of good practices and attributes that identify an organization as capable of coordinating a response to security incidents between the federated organizations. It raises the level of security maturity of a federation by implementing controls to ensure the confidentiality of information, control of logs, and defining preventive measures to protect an organization from attacks.

The work to implement the safety recommendations in the SIRTFI model at RNP began in 2019 and involved the areas of IT, Services, and Information Security. For the IT manager of RNP, Emmanuel Sanches, the adoption of the SIRTFI framework for CAFe provides improvements in four areas: in security operations, response to incidents, recording of logs, and definition of responsibilities. 

"This action allowed our team to improve their performance regarding security issues in the CAFe service, which contributes to greater stability and availability. It also establishes RNP as the first member of the federation of identity providers (IdP) to be compliant with the SIRTFI standard. The example by RNP should encourage other members to promote improvements as well," considered the IT manager.

In addition, Emilio Nakamura, associate director of Cybersecurity at RNP, emphasizes that identity management is essential in the digital world and requires a secure environment between the different institutions that comprise an identity federation to increase the level of trust in interactions. 

"Our compliance with SIRTFI is an important step in building a safer community and strengthens collaboration between the institutions. For RNP, the SIRTFI compliance also represents that the security of our deliveries is evolving increasingly since the framework is applied in the organization as a whole. RNP will also support institutions to seek compliance", stated Nakamura.

For Jean Carlo Faustino, service manager, RNP's compliance with SIRTFI, as a client of the CAFe federation, represents another important step to increase the maturity of the service.

"As it was highlighted, the benefit applies not only to CAFe but to the entire RNP in terms of safety and maturity of processes. Therefore, this is an achievement that needed to be pursued and achieved collaboratively between the teams involved. We are delighted by this and because, by conducting process, from the beginning, we were focused on not only making RNP compliant but also paving the way to other CAFe institutions through the creation of specific templates," he pondered