
SOVEREIGN INTELLIGENCE CSIRT
CSIRT Description Sovereign Intelligence-CERT
-----------------------------
1. About this document
1.1 Date of Last Update
This is version 1.01, published 2021/07/12.
1.2 Distribution List for Notifications
No distribution list exists for notifications of changes to this document.
1.3 Locations where this Document May Be Found
The current version of this CSIRT description document is
available from the Sovereign Intelligence site; its URL is sovereign.ai/rfc2350
2. Contact Information
2.1 Name of the Team
Sovereign-CERT
2.2 Address
Sovereign Intelligence, LLC
1775 Tysons Blvd. 5th Floor
McLean, VA 22102
2.3 Time Zone
Canada/Eastern (GMT-0500, and GMT-0400 from April to October)
2.4 Telephone Number
Only available internally.
2.5 Facsimile Number
None available.
2.6 Other Telecommunication
None available.
2.7 Electronic Mail Address
2.8 Public Keys and Other Encryption Information
Sovereign-CERT has the following PGP Key:
2.9 Team Members
Sovereign-CERT’s team leader is John Gullette.
2.10 Other Information
General information about Sovereign Intelligence can be found at: sovereign.ai
2.11 Points of Customer Contact
The preferred method for contacting the Sovereign-CERT is via
e-mail at cert@sovereign.ai; e-mail sent to this address
will "biff" the responsible human, or be automatically
forwarded to the appropriate backup person, immediately. If
you require urgent assistance, put "urgent" in your subject
line.
The Sovereign-CERT’s hours of operation are generally restricted to
regular business hours (09:00-17:00 (ET) Monday to Friday except
holidays).
3. Charter
3.1 Mission Statement
The purpose of the Sovereign-CERT is to provide Sovereign customers with cyber threat intelligence on how to protect their information infrastructure assets and systems from cyber threats and incidents.
3.2 Constituency
Sovereign-CERT’s constituency is Sovereign Intelligence and the customers of Sovereign Intelligence.
An overview of the organisation and customers of Sovereign Intelligence can be found at: sovereign.ai.
3.3 Sponsorship and/or Affiliation
N/A
3.4 Authority
The Sovereign-CERT expects to work cooperatively with the responsible staff of the Sovereign customers. The authority of the Sovereign-CERT is established by the provisions in the customer contract.
4. Policies
4.1 Types of Incidents and Level of Support
Sovereign-CERT is authorized to address all types of computer security
incidents which occur, or threaten to occur, in our constituency (cf. 3.2). The level of support will vary depending on the service level agreement with the constituent and the Sovereign-CERT’s resources at the time.
4.2 Co-operation, Interaction and Disclosure of Information
The Sovereign-CERT cooperates with other organisations in the field of
computer security. This cooperation also includes and often requires
the exchange of vital information regarding security incidents and
vulnerabilities. Nevertheless, Sovereign-CERT will protect the privacy of its customers and therefore (under normal circumstances) will pass on information only in an anonymized way, unless agreed upon by the constituents.
The Sovereign-CERT operates under the restrictions imposed by United States
law. Therefore it is also possible that - according to United States law -
Sovereign-CERT may be forced to disclose information due to a Court's
order. Please note that Sovereign-CERT is in no way obliged to report
criminal offences to the police.
4.3 Communication and Authentication
Sovereign-CERT protects information in accordance with US and European regulations.
5. Services
5.1 Incident Response
Sovereign-CERT coordinates incident prevention, handling, and response for Sovereign Intelligence, and provides Sovereign customers with incident response services according to their service level agreement.
5.1.1 Incident Triage
For Sovereign Intelligence, Sovereign-CERT is responsible for:
- Investigating whether an incident indeed occurred.
- Determining the extent of the incident and which customers may be involved.
5.1.2 Incident Coordination
For Sovereign Intelligence, Sovereign-CERT is responsible for:
- Determining the initial cause of the incident
(vulnerability exploited).
- Notifying other CSIRTs if appropriate.
5.1.3 Incident Resolution
For Sovereign Intelligence, Sovereign-CERT is responsible for:
- Removing the vulnerability.
- Securing the system from the effects of the incident.
5.2 Proactive Activities
For Sovereign Intelligence, Sovereign-CERT is responsible for:
- Intrusion detection
- Vulnerability management
- Mailing lists to inform the constituency of important issues.
6. Incident Reporting Forms
There are no local forms developed yet for reporting incidents
to Sovereign-CERT. If possible, please make use of the Incident
Reporting Form of the CERT Coordination Center (Pittsburgh,
PA). The current version is available from:
ftp://info.cert.org/incident_reporting_form
7. Disclaimers
While every precaution will be taken in the preparation of
information, notifications and alerts, Sovereign-CERT assumes no
responsibility for errors or omissions, or for damages
resulting from the use of the information contained within.
Effective as of June 1, 2021
Copyright 2021 Sovereign Intelligence All rights reserved.