Policies and guidelines
Red Hat Information Security Incident Response Team RFC 2350 Profile
Red Hat information security incident response team (hereafter RH-ISIRT) RFC 2350 Profile
1. Document Information
This document is compliant with RFC 2350.
1.1. Date of Last Update
This is version 1.3 as of September 27, 2024.
1.2. Distribution List for Notifications
There is no distribution list for notifications.
Please inquire about updates via the RH-ISIRT email address: infosec@redhat.com
1.3. Locations where this Document May Be Found
The current version of this profile is available at https://www.redhat.com/en/trust/RFC-2350
1.4. Expiration
This document shall remain valid until superseded by a later version.
2. Contact Information
2.1. Name of the Team
Full name: Red Hat Information Security Incident Response Team
Short name: RH-ISIRT
2.2. Address
Red Hat Information Security Incident Response Team
Red Hat, Inc.
100 E. Davie St.
Raleigh, NC 27601
United States
2.3. Time Zone
RH-ISIRT's core locations and time zones are Brisbane, Australia (AEST UTC +1000), Brno, Czechia (CET, UTC +0100 / CEST, UTC +0200) and Raleigh, NC USA (EST, UTC -0500 / EDT, UTC -0400)
24x7 coverage via emergency contact telephone listed in section 2.4.
2.4. Telephone Number
RH-ISIRT emergency telephone number: +1-919-890-8888
2.5. Facsimile Number
Not applicable.
2.6. Other Telecommunication
Not applicable.
2.7. Electronic Mail Address
Incident reports should be sent to infosec@redhat.com.
2.8. Public Keys and Encryption Information
Please encrypt sensitive emails with the RH-ISIRT public key.
PGP Key ID: 0x50EB9D550CFE2855
PGP Fingerprint: A92DF9F915995C7419045F6C50EB9D550CFE2855
Key Available for download: https://keys.openpgp.org/vks/v1/by-fingerprint/A92DF9F915995C7419045F6C50EB9D550CFE2855
Please include a public key on all messages, or use a key that can be downloaded and verified from well-known public PGP keyservers
2.9. Team Members
No public information will be disclosed about RH-ISIRT members.
2.10. Other Information
For additional information about Red Hat’s Product Security Team, (distinct from RH-ISIRT), please visit: https://access.redhat.com/security/overview/
RH-ISIRT is listed by the Trusted Introducer (TI) for CERTs in Europe: https://www.trusted-introducer.org/directory/teams/rh-isirt.html
RH-ISIRT is a member of Forum of Incident Response and Security Teams (FIRST): https://first.org/members/teams/rh-isirt
RH-ISIRT is ISO 27001 certified since August 2022.
2.11. Points of Customer Contact
The preferred method for contacting RH-ISIRT is email.
For all inquiries please contact infosec@redhat.com
For emergency situations, contact RH-ISIRT at +1-919-890-8888
The RH-ISIRT is generally available Sunday, 23:00 UTC through Friday 1900 UTC, excluding holidays.
3. Charter
3.1. Mission Statement
The Red Hat Information Risk and Security Team (parent organization of RH-ISIRT) ensures Red Hat systems are resilient and secure, that processes are inline with global industry standards and regulations, and are regularly tested.
3.2. Constituency
RH-ISIRT helps safeguard Red Hat Associates, business partners, Red Hat Customers and Red Hat owned businesses. Additionally, RH-ISIRT can act as a liaison into many Open Source communities and upstream projects, including but not limited to: ansible.com, jboss.org, centos.org, fedoraproject.org, opensource.com and quay.io.
3.3. Sponsorship and/or Affiliation
RH-ISIRT is a global team of information security professionals that serve Red Hat’s corporate functions. This organization reports to Red Hat’s Chief Operating Officer, who is a member of Red Hat’s executive management.
3.4. Authority
RH-ISIRT operates under the authority of Red Hat Operations, and Red Hat Legal.
4. Policies
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled "CRITICAL", "URGENT" or "EMERGENCY".
Exercises or communication testing emails should be labeled "EXERCISE" or "TEST".
4.2. Co-operation, Interaction, and Disclosure of Information
All incoming information is handled confidentially by RH-ISIRT.
When reporting a sensitive incident, please indicate so appropriately, using the words "SENSITIVE" or "CONFIDENTIAL" in the subject line, and please consider using encryption as specified in section 2.8.
RH-ISIRT adheres to the Information Sharing Traffic Light Protocol according to the FIRST Standard Definitions and Usage Guidance: https://www.first.org/tlp/
Information tagged with identifiers in the TLP will be handled accordingly.
Red Hat abides by appropriate regional data protection and privacy laws as applicable.
4.3. Communication and Authentication
Please refer to section 2.8. For sensitive information, the use of PGP encryption is strongly advised.
5. Services
5.1. Incident Response
RH-ISIRT can assist system, network, and security operators with the handling of Information Security Incidents, impacting, or originating from Red Hat owned properties.
5.2. Coordination with external Entities
RH-ISIRT participates in external security working communities, regionally, nationally and globally. Examples of this include RH-ISIRT membership in FIRST, team member participation in InfraGard, and other working groups both public and private.
6. Incident Reporting Forms
Not available; please report incidents via email. When reporting issues / incidents to RH-ISIRT, please provide as much of the following information as possible:
Contact details and Org information
Brief Description of the issue or incident
Source and Destination IP Addresses if known
Any relevant logging or evidence which may be available (may be sanitized, if needed)
If forwarding an email to RH-ISIRT for investigation, please ensure that all email headers, message body, and attachment(s) are included.
7. Disclaimers
None.