BGD e-GOV CIRT has become the Accredited Team of TF-CSIRT
by CIRT Team
The Trusted Introducer (TI) provides European CSIRTs (Computer Security Incident Response Teams) with a public repository that lists all known European CSIRTs and explains about the TI’s accreditation service. This service is meant to do just that: facilitate trust by formally accrediting CSIRTs that are ready to take that step.
Earlier in September 2018, BGD e-GOV CIRT has been “listed” as Trusted Introducer of TF-CSIRT.
The TI service differentiate between four categories:
Teams are :
- Listed, which provides basic information about the team itself as well as shows endorsement of the team by the TI community;
- Accredited, which ensures a defined level of best practices and acceptance of the established TI policies for such teams;
- Certified, if they have been accredited before and prove a confirmed level of maturity as defined by the TI SIM framework.
For a CSIRT to proceed from the status of “listed” to the status of “accredited” they need to go through a formalized accreditation scheme. Once “accredited” they gain access to the restricted TI repository: there they find the details about their fellow accredited CSIRTs, and several value-added services like readily downloadable contact lists and PGP-Keyrings, secure discussion fora, automatic RIPE Database, IRT-object registration and more.
Accreditation Process in a brief:
Only already listed teams can become accredited. Any registered team that is serious about its service can gain accreditation. Accreditation is performed by the TI following a standardized process which takes between one and four months, depending on the current status and preparation as well as the feedback received during this process.
To apply for accreditation every team needs to follow these steps:
- An accreditation candidate must be “listed”. If a team is not yet listed, it must apply for registration first
- BGD e-GOV CIRT has been “listed” from 14 September 2018.
- To apply for accreditation, the team just needs to send a simple request to the TI team.
- The TI team will start the accreditation process by sending a formal “invitation package” to the potential candidate. This package contains all the materials needed to prepare for a successful completion of the accreditation.
- Within four weeks the formal acceptance of the
process requirements needs to be signed and then send by fax and postal mail to
the TI team. Once the letter has been received, the formal status of the team
will be changed to “accreditation candidate” and the TI community
will be notified accordingly.
- BGD e-GOV CIRT became “accreditation candidate” on 23 October 2018.
- Starting from the recognition as candidate the team has three months to submit a completed set of documents outlining the required statements and materials.
- The TI team will verify and assess all the materials that have been send by the candidate and may ask additional questions. This verification and feedback cycle usually take one to four weeks on average, depending on the level of interaction. Please be advised that the successful verification of the candidate must be finalized within the available three months.
- Once the TI team has verified that the candidate has met all requirements, the status of the team is changed from “listed” to “accredited”. The candidate as well as the TI community are formally notified thereof. With the new status the team gains access to the complete set of TI Services.
- BGD e-GOV CIRT became Accredited Team on 28 November 2018.
- If at any stage during this process the candidate does not meet the requirements or misses the deadlines, the invitation will expire or the accreditation process will fail. Any team can only be invited twice within any given period of one year.
Eight months after a team has been accredited it can apply for TI Certification.
Reference: