Policies and guidelines
Red Hat Information Security Incident Response Team RFC 2350 Profile
RED HAT INFORMATION SECURITY INCIDENT RESPONSE TEAM (HEREAFTER RH-ISIRT) RFC 2350 PROFILE
1. Document Information
This document is compliant with RFC 2350.
1.1. Date of Last Update
This is version 1.1 as of May 1, 2019.
1.2. Distribution List for Notifications
There is no distribution list for notifications.
Please inquire about updates via the RH-ISIRT email address: email@example.com
1.3. Locations where this Document May Be Found
The current version of this profile is available at https://www.redhat.com/en/trust/RFC-2350
This document shall remain valid until superseded by a later version.
2. Contact Information
2.1. Name of the Team
Full name: Red Hat Information Security Incident Response Team
Short name: RH-ISIRT
Red Hat Information Security Incident Response Team
Red Hat, Inc.
100 E. Davie St.
Raleigh, NC 27601
2.3. Time Zone
RH-ISIRT's core office locations and timezones are Brisbane, Australia (AEST UTC +1000), Brno, Czechia (CET, UTC +0100 / CEST, UTC +0200) and Raleigh, NC USA (EST, UTC -0500 / EDT, UTC -0400)
24x7 coverage via emergency contact telephone listed in section 2.4.
2.4. Telephone Number
RH-ISIRT emergency telephone number: +1-919-890-8888
2.5. Facsimile Number
2.6. Other Telecommunication
2.7. Electronic Mail Address
Incident reports should be sent to firstname.lastname@example.org.
2.8. Public Keys and Encryption Information
Please encrypt sensitive emails with the RH-ISIRT public key.
PGP Key ID: 0x5D926E5480B7FD5F
PGP Fingerprint: 776F4885BF7D69E52181BCCC5D926E5480B7FD5F
Key Available for download: http://hkps.pool.sks-keyservers.net/pks/lookup?search=0x5D926E5480B7FD5F&fingerprint=on&op=vindex
Please include a public key on all messages, or use a key that can be downloaded and verified from well-known public PGP keyservers
2.9. Team Members
No public information will be disclosed about RH-ISIRT members.
2.10. Other Information
For additional information about Red Hat’s Product Security Team, (distinct from RH-ISIRT), please visit: https://access.redhat.com/security/overview/
RH-ISIRT is listed by the Trusted Introducer (TI) for CERTs in Europe: https://www.trusted-introducer.org/directory/teams/rh-isirt.html
RH-ISIRT is a member of Forum of Incident Response and Security Teams (FIRST): https://first.org/members/teams/rh-isirt
2.11. Points of Customer Contact
The preferred method for contacting RH-ISIRT is email.
For all inquiries please contact email@example.com
For emergency situations, contact RH-ISIRT at +1-919-890-8888
The RH-ISIRT is generally available Sunday, 23:00 UTC through Friday 1900 UTC, excluding holidays.
3.1. Mission Statement
The Red Hat Information Risk and Security Team (parent organization of RH-ISIRT) ensures Red Hat systems are resilient and secure, that processes are inline with global industry standards and regulations, and are regularly tested.
RH-ISIRT helps safeguard Red Hat Associates, business partners, Red Hat Customers and Red Hat owned businesses. Additionally, RH-ISIRT can act as a liason into many Open Source communities and upstream projects, including but not limited to: jboss.org, centos.org, fedoraproject.org, gluster.org, and ceph.org.
3.3. Sponsorship and/or Affiliation
RH-ISIRT is a global team of information security professionals, that serve Red Hat’s corporate functions. This organization reports to Red Hat’s Chief Information Officer, who is a member of Red Hat’s executive management.
RH-ISIRT operates under the authority of Red Hat IT, and Red Hat Legal.
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled "CRITICAL", "URGENT" or "EMERGENCY".
Exercises or communication testing emails should be labeled "EXERCISE" or "TEST".
4.2. Co-operation, Interaction, and Disclosure of Information
All incoming information is handled confidentially by RH-ISIRT.
When reporting a sensitive incident, please indicate so appropriately, using the words "SENSITIVE" or "CONFIDENTIAL" in the subject line, and please consider using encryption as specified in section 2.8.
RH-ISIRT adheres to the Information Sharing Traffic Light Protocol according to the FIRST Standard Definitions and Usage Guidance: https://www.first.org/tlp/
Information tagged with identifiers in the TLP will be handled accordingly.
Red Hat abides by appropriate regional data protection and privacy laws as applicable.
4.3. Communication and Authentication
Please refer to section 2.8. For sensitive information, the use of PGP encryption is strongly advised.
5.1. Incident Response
RH-ISIRT can assist system, network, and security operators with the handling of Information Security Incidents, impacting, or originating from Red Hat owned properties.
5.2. Coordination with external Entities
RH-ISIRT participates in external security working communities, regionally, nationally and globally. Examples of this include RH-ISIRT membership in FIRST, team member participation in InfraGard, and other working groups both public and private.
6. Incident Reporting Forms
Not available; please report incidents via email. When reporting issues / incidents to RH-ISIRT, please provide as much of the following information as possible:
Contact details and Org information
Brief Description of the issue or incident
Source and Destination IP Addresses if known
Any relevant logging or evidence which may be available (may be sanitized, if needed)
If forwarding an email to RH-ISIRT for investigation, please ensure that all email headers, message body, and attachment(s) are included.