Seções
Texto

CAIS - RFC 2350

1. Document Information
This document contains a description of CAIS/RNP according to RFC 2350.

1.1 Date of Last Update
July 05, 2022

1.2 Distribution List for Notifications
There is no distribution list for notifications of new versions of this document.

1.3 Locations Where This Document May Be Found
The current version of this document can be found at [adicionar o link em ingles]
The key used for signing is the CAIS/RNP key as listed under 2,8.

2. Contact Information

2.1 Name of the CSIRT
English: CAIS/RNP – RNP Security Incident Response Team 
Brazilian Portuguese : CAIS/RNP – Centro de Atendimento a Incidentes de Segurança da RNP

2.2 Address
Prédio da Embrapa/Unicamp 
Av. André Tosello, 209 Cidade Universitária Zeferino Vaz
Campinas – São Paulo
13083-886 Brazil

2.3 Time zone
America/Sao_Paulo (GMT-0300)

2.4 Telephone number
Not applicable. CAIS/RNP does not accept incident reports via telephone.

2.5 Facsimile number
Not applicable.

2.6 Other telecommunication
iNOC-DBA: 1916*800 (see more at: https://inoc.nic.br)

2.7 Electronic mail address
Incident reports should be sent to cais@cais.rnp.br.

2.8 Public keys and encryption information
The CAIS/RNP PGP Key information can be found at:
http://www.rnp.br/cais/cais-pgp.key

2.9 Team Members
No public information is provided about CAIS/RNP members.

2.10 Other information
Additional information can be found at:
https://www.rnp.br/sistema-rnp/cais
CAIS/RNP is a FIRST member, details at:
https://www.first.org/members/teams/cais-rnp

2.11 Points of customer contact
To contact CAIS/RNP regarding security incidents related to Brazilian academic networks send an email to <cais@cais.rnp.br>.
CAIS/RNP operates from Monday through Friday, from 09:00h to 18:00h, UTC-0300.

3. Charter

3.1 Mission statement
To act in the detection, resolution and prevention of security incidents in the Brazilian academic network, in addition to developing, promoting and disseminating security practices in networks.

3.2 Constituency
CAIS/RNP coordinates the incident handling related to the Brazilian academic network (NREN) operated by the Rede Nacional de Ensino e Pesquisa (RNP).

3.3 Sponsorship and/or affiliation
CAIS/RNP  was created in 1997 and is maintained by the Rede Nacional de Ensino e Pesquisa (RNP), a non-profit association created to operate the national research and education network (NREN).
RNP is governed by its statute and its attributions and commitments are defined in a contract with the Ministry of Science and Technology (MCTI). Incident response coordination within the network is one of RNP's responsibilities.

3.4 Authority
CAIS/RNP has no authority over its constituency, all activities are based on collaborative relationships with other entities.

4. Policies

4.1 Types of incidents and level of support

CAIS/RNP is the focal point for the notification of security incidents in the Brazilian academic network, providing the necessary coordination and support for the handling of incidents, through the following services:
• Coordination for incident handling, incident and artifact analysis, incident mitigation and recovery;
• Detection and analysis of vulnerabilities;
• Security awareness actions;
• Training and sharing of security materials, techniques and technologies.
CAIS/RNP also provides its constituency with information and updates on security events and trends through alerts and reports, reports, webinars and events.

4.2 Cooperation, interaction and dissemination of information
CAIS/RNP does not share specific information about incidents with external parties. Data may be aggregated for statistics as long as the information does not identify the persons or organizations involved.
CAIS/RNP adheres to the Traffic Light Information Sharing Protocol in accordance with the First Standard Definitions and Usage Guidance: https://www.first.org/tlp/. Information that is labeled with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.

4.3 Communication and authentication
CAIS/RNP uses unencrypted email for most non-sensitive communications. If the message contains confidential information, CAIS strongly recommends the use of PGP encryption (see items 2.7 and 2.8).
Vulnerability alerts sent via the specialized mailing list can be digitally signed.
If it is necessary to authenticate a person before communicating, this can be done through existing communities (e.g. FIRST) or by other methods such as call-back, mail-back or even face-to-face meeting if necessary.

5. Services

5.1 Incident response
CAIS/RNP assists your constituency to resolve security incidents by providing an incident management system, notification aggregation and expert follow-up when needed.

5.1.1. Incident triage
CAIS/RNP screens detected or reported incidents or vulnerabilities, assists in their validation, evaluation and prioritization by its constituency.

5.1.2. Incident coordination
CAIS/RNP is the main contact for all systems and networks connected to the Brazilian research and education network. Incoming notifications are processed by a system and forwarded to the appropriate contacts.
The same applies to automated contact and information feeds. Some notifications can be analyzed or aggregated into others to be more easily handled by members of the electorate.

5.1.3. Incident resolution
CAIS/RNP acts directly in the solution of incidents of its internal network or in the services maintained and offered by RNP. In cases of security incidents in the environments of its target audience, CAIS coordinates and supports incident handling, providing assistance to local teams, but does not have any authority to resolve incidents directly.

5.2 Proactive activities
CAIS/RNP aims to actively participate in the security community, providing information and updates on security events and trends through alerts and briefings, reports, webinars and events, in order to raise awareness of security and the effectiveness of the incident handling. Some of them include:
-    A vulnerability alert service that monitors common software and hardware products frequently present in your target audience's environments;
-    Assistance to organizations that are looking to form their own CSIRT;
-    Holding events and contributing to security events in the community;
-    Vulnerability scanning;


6. Incident reporting forms
There are no forms available. Please refer to section 2.7.

7. Disclaimers
While all precautions are taken in the elaboration of information and notifications, CAIS/RNP  assumes no responsibility for errors or omissions, or for damages resulting from the use of the information provided.

© 2019 - RNP Todos os direitos reservados.   |  Conheça nossa Política de Privacidade