RFC2350

This document presents an overview of the CSIRT-NAIS following the RFC 2350 guidelines.

1. About this document

This document contains a description of the CSIRT-NAIS in accordance with the RFC 2350 specification.

It provides basic information about the CSIRT-NAIS and describes its responsibilities and the services it offers.

1.1 Date of Last Update

This is version 1.0, published 09/09/2024.

1.2 Distribution List for Notifications

There is no distribution channel for notifying changes to this document.

Changes are announced at https://www.nais.ai/certificazioni

1.3 Locations where this Document May Be Found

The current version of this document is available at: https://www.nais.ai/rfc2350

Please make sure you are using the latest version.

1.4 Document Identification

Title: "RFC2350"

Version: 1.0

Document Date: 2024-09-09

Expiration: this document is valid until superseded by a later version

2. Contact Information

2.1 Name of the Team

CSIRT: Computer Security Incident Response Team di NAIS

Short Name: CSIRT-NAIS

2.2 Address

NAIS Srl

Corso Mortara, 24

10149 Torino, Italy

2.3 Time Zone

Central Europe (GMT+1, and GMT+2 from the last Sunday of March to the last Sunday of October)

2.4 Telephone Number

Phone +39 011 2178342

2.5 Fax Number

Fax +39 011 19112767

2.6 Other Telecommunication

The constituency of the CSIRT-NAIS shall communicate with the team members via the form mentioned in section 6 or via email.

2.7 Electronic Mail Address

team.csirt@nais.ai

2.8 Public Keys and Other Encryption Information

The CSIRT-NAIS supports PGP/GPG encryption.

Fingerprint: 0357E5F0142F856AD26750E169B4C1D9EDA5547A

The PGP/GPG public key is available on the official website of the CSIRT-NAIS, at the following address:

https://www.nais.ai/certificazione-csirt-scarica-la-chiave-pgp

2.9 Team Members

CSIRT-NAIS operates as a National CSIRT. The team is made up of Cyber Security Analysts, Threat Analysts and Incident Responders.

2.10 Other Information

General information about the CSIRT-NAIS can be found at:

https://www.nais.ai/chi-siamo

2.11 Points of Customer Contact

The preferred methods for contacting CSIRT-NAIS are via the form mentioned in section 6 or via email at team.csirt@nais.ai

The mailbox is monitored during hours of operation.

Please use PGP/GPG if you intend to send sensitive information. The CSIRT-NAIS operates 24/7 all year round; a telephone number operating 24/7 has been provided to a restricted group of users.

3. Charter

3.1 Mission Statement

The CSIRT of NAIS Srl provides security incident response services to both internal departments and clients. Additionally, it offers services such as continuous IT security monitoring, incident management, and remediation support on behalf of its clients.

3.2 Constituency

CSIRT-NAIS can offer its services to:

  • Small and Medium-sized Enterprises (SMEs)
  • Large and Enterprise-level companies
  • Strategic partners and technology service providers

Additionally, CSIRT-NAIS supports both national and international companies simultaneously, ensuring comprehensive coverage across different markets and regions.

3.3 Affiliation

CSIRT-NAIS is responsible for managing network and system incidents both within the company and for our clients. It supports all customers in defending against threats that impact devices, users, and networks. CSIRT-NAIS works closely with its clients, forming strong partnerships to assist them through security procedures, including prevention, detection, and response activities.

4. Policies

4.1 Types of Incidents and Level of Support

The level of support provided by CSIRT-NAIS varies depending on several factors, such as the type and severity of the incident, the nature of the constituent, the size of the affected user community, and the available resources at that time.

Please note that CSIRT-NAIS does not offer direct support to end users. End users are expected to contact their system or network administrators, or department heads, who will receive assistance from CSIRT-NAIS.

CSIRT-NAIS can handle a wide range of security incidents. Below is a representative, though not exhaustive, list:

  • Data exfiltration or theft
  • Unauthorized network access
  • Compromised accounts and lateral movement
  • Malware infections
  • Phishing or social engineering attacks
  • Vulnerability assessments

CSIRT-NAIS Security Incident Classification Matrix:

  • Low: Minimal impact, typically affecting a single system.
  • Medium: Affects multiple systems.
  • High: Impacts critical systems.
  • Critical: Requires urgent response due to high impact, possibly involving third parties.

CSIRT-NAIS offers different levels of service:

  • Low incidents: Managed by the internal SOC (Security Operations Center).
  • Medium and High incidents: Handled by the incident response team, with possible escalation to the incident management team. Escalation is assessed on a case-by-case basis.
  • Critical incidents: Engage all stakeholders, both internal and external, with coordination led by the incident management team.

4.2 Co-operation, Interaction and Disclosure of Information

CSIRT-NAIS places great importance on technical and operational cooperation, as well as the sharing of information among CSIRTs and other security organizations. General incident-related information, including names and technical details, is kept confidential and is not made public.

Subject to mutual agreement, CSIRT-NAIS may share certain information with entities such as:

  • Technical experts from the National Cybersecurity Agency (ACN).
  • Italian law enforcement agencies, if required by law or upon request from the information source.
  • The CSIRT cooperation group.

CSIRT-NAIS operates in full compliance with Italian and European regulations, protecting sensitive information according to the relevant legal frameworks within Italy and the EU.

Information is processed and handled in secure physical and technical environments, adhering to Italian regulations on information protection.

CSIRT-NAIS observes the CSIRT Code of Practice.

4.3 Communication and Authentication

The preferred method for contacting CSIRT Italia is via the notification forms referenced in Section 6. Alternatively, you can reach out via email at: team.csirt@nais.ai

By default, any sensitive communication sent to CSIRT-NAIS should be encrypted using our public PGP key, which is detailed in Section 2.8.

5. Services

5.1 Proactive Activities

The CSIRT-NAIS provides the following proactive services:

  • Security bulletin and vulnerability bulletin
  • Vulnerability scan (VA)
  • Penetration test (PT)
  • Infrastructure monitoring

5.2 Reactive Activities

The CSIRT-NAIS provides the following reactive services:

  • alerts and warnings
  • forensic analysis
  • incident analysis
  • incident response support
  • artifact analysis
  • incident response
  • incident response on site
  • vulnerability analysis
  • vulnerability response

6. Incident Reporting Forms

Incident notification can be done through the form available on the public portal at the following address:

https://www.nais.ai/?contacts-now

To complete the form, users must provide accurate contact information. Specifically, a valid email address is required.

7. Disclaimers

NAIS Srl is not responsible for any misuse of the information contained herein.