top of page




CSIRT Description Sovereign Intelligence-CERT



   1. About this document


   1.1 Date of Last Update


        This is version 1.01, published 2021/07/12.


   1.2 Distribution List for Notifications


        No distribution list exists to notify changes to this document. 


   1.3 Locations where this Document May Be Found


        The current version of this CSIRT description document is

        available from the Sovereign Intelligence site; its URL is


   2. Contact Information


   2.1 Name of the Team




   2.2 Address


        Sovereign Intelligence, LLC

        1775 Tysons Blvd. 5th Floor

        McLean, VA 22102


   2.3 Time Zone


        Canada/Eastern (GMT-0500, and GMT-0400 from April to October)


   2.4 Telephone Number


        Only available internally.


   2.5 Facsimile Number


       None available.


   2.6 Other Telecommunication


        None available.


   2.7 Electronic Mail Address



   2.8 Public Keys and Other Encryption Information


        Sovereign-CERT has the following PGP Key: 


        -----BEGIN PGP PUBLIC KEY BLOCK-----

Version: FlowCrypt Email Encryption 8.1.1

Comment: Seamlessly send and receive encrypted email















   2.9 Team Members


       Sovereign-CERT’s team leader is John Gullette. 


   2.10 Other Information


        General information about the Sovereign Intelligence can be found at:


   2.11 Points of Customer Contact


        The preferred method for contacting the Sovereign-CERT is via

        e-mail at; e-mail sent to this address

        will "biff" the responsible human, or be automatically

        forwarded to the appropriate backup person, immediately.  If

        you require urgent assistance, put "urgent" in your subject



        The Sovereign-CERT’s hours of operation are generally restricted to

        regular business hours (09:00-17:00 (ET) Monday to Friday except



   3. Charter


   3.1 Mission Statement


        The purpose of the Sovereign-CERT is to provide for Sovereign Customers cyber threat intelligence on how to protect their information infrastructure assets and systems from cyber threats and incidents.


   3.2 Constituency


        Sovereign-CERT’s constituency are Sovereign Intelligence and the customers of Sovereign Intelligence.


        An overview of the organisation and customers of Sovereign Intelligence can be found at:


   3.3 Sponsorship and/or Affiliation




   3.4 Authority


        The Sovereign-CERT expects to work cooperatively with the responsible staff of the Sovereign customers. The authority of the Sovereign-CERT is established by the provisions in the customer contract.


   4. Policies


   4.1 Types of Incidents and Level of Support


       Sovereign-CERT is authorized to address all types of computer security

incidents which occur, or threaten to occur, in our constituency (cf.3.2).  The level of support will vary depending on the service level agreement with the constituent and the Sovereign-CERT’s resources at the time. 


   4.2 Co-operation, Interaction and Disclosure of Information


        The Sovereign-CERT cooperates with other organisations in the field of

computer security. This cooperation also includes and often requires

the exchange of vital information regarding security incidents and

vulnerabilities. Nevertheless Sovereign-CERT will protect the privacy of its customers, therefore (under normal circumstances) will pass on information in an anonymized way only unless agreed upon by the constituents. 


The Sovereign-CERT operates under the restrictions imposed by United States

law. Therefore it is also possible that - according to United States law -

Sovereign-CERT may be forced to disclose information due to a Court's

order. Please note that Sovereign-CERT is in no way obliged to report

criminal offences to the police. 



   4.3 Communication and Authentication


       Sovereign-CERT protects information in accordance with US and European regulations. 


   5. Services


   5.1 Incident Response


        Sovereign-CERT coordinates incident prevention, handling, and response for Sovereign Intelligence; and provides Sovereign customers incident response services according to their service level agreement.


   5.1.1 Incident Triage


         For Sovereign Intelligence, Sovereign-CERT is responsible for:            

            - Investigating whether indeed an incident occured.

            - Determining the extent of the incident and which customers may be involved.


   5.1.2 Incident Coordination


         For Sovereign Intelligence, Sovereign-CERT is responsible for:

            - Determining the initial cause of the incident

              (vulnerability exploited)

            - Notify other CSIRTs if appropriate.


   5.1.3 Incident Resolution


         For Sovereign Intelligence, Sovereign-CERT is responsible for:

            - Removing the vulnerability.

            - Securing the system from the effects of the incident


   5.2 Proactive Activities


        For Sovereign Intelligence, Sovereign-CERT is responsible for:

            - Intrusion detection

            - Vulnerability management

            - Mailing Lists to inform the Constituency of important issues.


   6. Incident Reporting Forms


        There are no local forms developed yet for reporting incidents 

        to Sovereign-CERT. If possible, please make use of the Incident

        Reporting Form of the CERT Coordination Center (Pittsburgh,

        PA).  The current version is available from:



   7. Disclaimers


        While every precaution will be taken in the preparation of

        information, notifications and alerts, Sovereign-CERT assumes no

        responsibility for errors or omissions, or for damages

        resulting from the use of the information contained within.

Effective as of June 1, 2021

Copyright 2021 Sovereign Intelligence All rights reserved.

Website Information
bottom of page