www.cert.is
Open in
urlscan Pro
82.221.64.168
Public Scan
URL:
https://www.cert.is/um-okkur/rfc-2350/
Submission: On February 28 via api from RU — Scanned from IS
Submission: On February 28 via api from RU — Scanned from IS
Form analysis 1 forms found in the DOM
/leitarnidurstodur/
<form action="/leitarnidurstodur/">
<div class="form-group"><input id="q" type="search" class="form-control" name="q" placeholder="Hvað viltu finna?"><!--!-->
<input type="submit" id="btn-search" class="btn-search" value="Search" tabindex="-1">
<!--!--><label for="q" class="sr-only">Leita</label>
<!--!--><label for="btn-search" class="sr-only">Leita hnappur</label>
</div><!--!-->
<small>Sláðu inn leitarorð</small>
</form>Text Content
Við notum vafrakökur á þessari vefsíðu
Við notum vafrakökur til að safna og greina upplýsingar um notkun og virkni
vefsíðunnar, til að geta notað lausnir frá samfélagsmiðlum og til að bæta efni
og birta viðeigandi markaðsefni.
Nánar um vafrakökur
Stillingar á vafrakökumHafna öllum
Leyfa vafrakökur
Við notum vafrakökur á þessari vefsíðu
* Stillingar
* Vafrakökuyfirlýsing
Vafrakökum sem eru notaðar á þessum vef er skipt í flokka og fyrir neðan geturðu
lesið um hvern þeirra og leyft eða hafnað ákveðnum eða öllum flokkum. Ef flokki
sem hafði áður verið leyfður er hafnað er öllum vafrakökum í þeim flokki eytt út
úr vafranum þínum. Til viðbótar geturðu séð lista yfir kökur í hverjum flokki og
ítarlegar upplýsingar í vafrakökuyfirlýsingunni.
Nánar um vafrakökur
Leyfa vafrakökurHafna öllum
Nauðsynlegar kökur
Sumar kökur eru nauðsynlegar fyrir grunnvirkni vefsíðunnar. Vefsíðan mun ekki
virki rétt án þessara vafrakaka og þær eru því sjálfkrafa virkar og ekki hægt að
hafna þeim.
Tölfræðikökur
Tölfræðikökur hjálpa okkur að bæta vefsíðuna með því að safna og greina
upplýsingum um notkun hennar.
Vafrakökum sem eru notaðar á þessum vef er skipt í flokka og fyrir neðan geturðu
lesið um hvern þeirra og leyft eða hafnað ákveðnum eða öllum flokkum. Ef flokki
sem hafði áður verið leyfður er hafnað er öllum vafrakökum í þeim flokki eytt út
úr vafranum þínum. Til viðbótar geturðu séð lista yfir kökur í hverjum flokki og
ítarlegar upplýsingar í vafrakökuyfirlýsingunni.
Nánar um vafrakökur
Nauðsynlegar kökur
Sumar kökur eru nauðsynlegar fyrir grunnvirkni vefsíðunnar. Vefsíðan mun ekki
virki rétt án þessara vafrakaka og þær eru því sjálfkrafa virkar og ekki hægt að
hafna þeim.
Nauðsynlegar kökurNafnLénSlóðRennur útMerkicookiehub.cert.is/365 dagar
Used by CookieHub to store information about whether visitors have given or
declined the use of cookie categories used on the site.
Tölfræðikökur
Tölfræðikökur hjálpa okkur að bæta vefsíðuna með því að safna og greina
upplýsingum um notkun hennar.
TölfræðikökurNafnLénSlóðRennur útMerki
Vista stillingar
Stillingar á vafrakökum
Hoppa yfir valmynd
Tilkynna Hafa samband EN Open Mobile Nav
* Um okkurOpna valmynd
Til baka
* Um okkur
*
Hlutverk
*
Skipurit
*
Sviðshópar
*
Þjónusta
*
Saga
*
Lög og reglur
*
RFC-2350
*
Hafa samband
*
* Fréttir og tilkynningarOpna valmynd
Til baka
* Fréttir og tilkynningar
*
Fréttasafn
*
* FræðslaOpna valmynd
Til baka
* Fræðsla
*
Hvað er netglæpur?
*
Hefur lykilorðið mitt lekið?
*
Vefveiðar
*
Fyrir einstaklinga
*
Fyrir fyrirtæki
*
* Skýrslur og útgefið efniOpna valmynd
Til baka
* Skýrslur og útgefið efni
*
Ársskýrslur
*
Október 2022
*
* Leiðbeiningar í atvikumOpna valmynd
Til baka
* Leiðbeiningar í atvikum
*
Tilkynna atvik
*
Fyrstu viðbrögð í atvikum
*
Fyrirtæki í atvikameðhöndlun
*
Tilkynningar um atvik og áhættu
*
TLP skilgreining
*
Samstarf með Almannavörnum
*
Skyldutilkynningar
*
Alvarleikamat
*
Tilkynna atvik
Loka valmynd
Leita Leita hnappur
Sláðu inn leitarorð
* Um okkur
* Hlutverk
* Skipurit
* Sviðshópar
* Þjónusta
* Saga
* Lög og reglur
* RFC-2350
* Hafa samband
* Fréttir og tilkynningar
* Fréttasafn
* Fræðsla
* Hvað er netglæpur?
* Hefur lykilorðið mitt lekið?
* Vefveiðar
* Fyrir einstaklinga
* Fyrir fyrirtæki
* Skýrslur og útgefið efni
* Ársskýrslur
* Október 2022
* Leiðbeiningar í atvikum
* Tilkynna atvik
* Fyrstu viðbrögð í atvikum
* Fyrirtæki í atvikameðhöndlun
* Tilkynningar um atvik og áhættu
* TLP skilgreining
* Samstarf með Almannavörnum
* Skyldutilkynningar
* Alvarleikamat
* Um okkur
* Hlutverk
* Skipurit
* Sviðshópar
* Þjónusta
* Saga
* Lög og reglur
* Hafa samband
* RFC-2350
RFC-2350
1 DOCUMENT INFORMATION
This document contains a description of CERT-IS in accordance with RFC-2350.
1.1 DATE OF LAST UPDATE
This document was updated on 2023-01-05.
1.2 DISTRIBUTION LIST FOR NOTIFICATIONS
No explicit distribution list for notifications is implemented. Constituents and
other interested parties are directed to the current on-line version.
1.3 LOCATIONS WHERE THIS DOCUMENT MAY BE FOUND
The current version of this profile is always publicly available on
https://www.cert.is/um-cert-is/rfc2350
2 CONTACT INFORMATION
2.1 NAME OF THE TEAM
Full name: Computer Emergency Response Team - Iceland
Short name: CERT-IS
2.2 ADDRESS
Mailing address:
The Electronic Communications Office of Iceland (ECOI)
c/o CERT-IS
Sudurlandsbraut 4
108 Reykjavik
Iceland
2.3 TIME ZONE
Greenwich Mean Time (GMT-0) is in effect throughout the whole year.
Summer or Winter time adjustments are never used.
2.4 TELEPHONE NUMBER
CERT-IS: +354-510-1540
ECOI main switchboard: +354-510-1500
2.5 FACSIMILE NUMBER
+354-510-1509 (NOTE not a secure fax) - mark CERT-IS clearly on any facsimile
material
2.6 OTHER TELECOMMUNICATIONS
TETRA encrypted radio communications with other responders, as well as those
constituents so equipped
Duty Officer’s on-call mobile number is made available to constituents upon
request and belonging to managed teams of critical infrastructure.
2.7 ELECTRONIC MAIL ADDRESS
Team e-mail: cert@cert.is (PGP 0x13E9308B)
Report phishing links: phishing@cert.is
2.8 PUBLIC KEYS AND ENCRYPTION INFORMATION
CERT-IS supports PGP/GnuPG for secure communications. The current keys for our
e-mail addresses can be found at https://www.cert.is/pgp, as well as on
keyservers at Symantec PGP directory and OpenPGP.
Fingerprints and other key information can also be found at CERT-IS Twitter
handle.
Please use the appropriate PGP keys when you encrypt messages that you send to
CERT-IS. When relevant, CERT-IS will sign messages using the same key. Please
sign your messages using your own key. It helps if the key is verifiable using
public keyservers, or the fingerprint is verifiable from a separate source.
Please ensure CERT-IS can locate your public key if you want to communicate
securely with CERT-IS.
2.9 TEAM MEMBERS
Please use our team e-mail address when you need to establish contact with
individual team members.
Member of established support groups for Critical Infrastructure are given
contact information for supporting CERT-IS staff.
2.10 OTHER INFORMATION
Refer to the CERT-IS web page - https://www.cert.is.
CERT-IS is a member of FIRST. CERT-IS is a listed team by the Trusted Introducer
for CSIRTs in Europe.
2.11 POINTS OF CUSTOMER CONTACT
Refer to our telephone numbers and e-mail addresses. CERT-IS regular response
hours are 8:00 to 16:00 Monday-Friday, except Icelandic public holidays,
otherwise on best-effort basis. CERT-IS operates on-call duty officer service
available 24 hours every day of the year for organizations defined as critical
infrastructure.
3 CHARTER
3.1 MISSION STATEMENT
The mission of CERT-IS is to reduce cyber-risk in the networks and computer
systems of it’s constituents, monitor cyber-threats and vulnerabilities and
assist in coordinating and mitigating incidents.
CERT-IS acts as the national point-of-contact for matters related to cyber
security in Iceland, and as such, develops cooperation and information exchange
with partners in other countries. CERT-IS assists on best-effort basis in
reducing risk and mitigating incidents that occur in or affect Icelandic
networks and systems.
CERT-IS continuously assesses the status of the Icelandic constituency through
information gathering and analysis. The situation as reflected by the analysis
is disseminated to the constituency in an effort to incrementally improve the
overall status of cyber security. In certain cases CERT-IS can issue binding
directives to it’s constituents regarding cybersecurity issues.
CERT-IS contributes to the overall cyber security in Iceland by providing alerts
and contributing to publicly available educational material.
CERT-IS operates a SOC for eligible government entities and can enter into a
contract to provide certain cybersecurity services to eligible entities.
3.2 CONSTITUENCY
CERT-IS is the national CERT of Iceland and as such the national
point-of-contact for cyber security related incidents.
By law, the constituency of CERT-IS are registered telecommunications operators
in Iceland, critical infrastructure providers and certain eligible government
entities as well as parties that have contracted for the services of the team.
CERT-IS is the CSIRT of last-resort, i.e. directs incident reports to the
parties most suitable to handle them effectively. CERT-IS welcomes all incident
reports of significance to Icelandic interests regardless of the reporter’s
nationality or affiliation.
A complete description of the constituency is available at the CERT-IS
homepage.
3.3 SPONSORSHIP AND/OR AFFILIATION
CERT-IS an organisational unit under the Electronic Communications Office of
Iceland (ECOI)
3.4 AUTHORITY
CERT-IS coordinates security incidents on behalf of its constituency in
accordance with Icelandic laws. As a coordinating and advisory body, CERT-IS
advises constituents and has limited authority to issue binding directives to
constituents that are defined as critical infrastructure. However, CERT-IS is
expected to make operational recommendations regarding cyber security, including
best practices, vulnerabilities and vulnerability management, mitigation of
incidents and incident handling. Recommendations in handling individual
incidents may include mitigating measures such as temporarily blocking IP
addresses or networks and disabling potentially malicious webs. Implementation
is solely the responsibility of the parties that receive and implement the
recommendations or directives of CERT-IS.
The authority and mandate of CERT-IS is further detailed in Icelandic laws and
regulations, including
70/2022 Lög um fjarskipti
78/2019 Lög um öryggi net- og upplýsingakerfa mikilvægra innviða
480/2021 Reglugerð um netöryggissveit Póst- og fjarskiptastofnunar (CERT-ÍS)
4 POLICIES
4.1 TYPES OF INCIDENTS AND LEVEL OF SUPPORT
CERT-IS accepts and triages all incidents reported, regardless of the affected
sector or party. Incidents are prioritized and handled on a best-effort basis
after triage. Incidents believed to affect the constituency of CERT-IS are
prioritized.
CERT-IS advises the National Commissioner of the Icelandic Police
on escalation and handling of critical incidents, such as those that
potentially affect the security of the country or population at large.
4.2 CO-OPERATION, INTERACTION AND DISCLOSURE OF INFORMATION
CERT-IS handles all incoming information confidentially, regardless of its
source and priority. When reporting an incident of sensitive nature, please
state so explicitly, e.g. by using the label SENSITIVE or CONFIDENTIAL in the
subject of the e-mail message. Encryption of sensitive material in e-mail
messages is highly recommended.
CERT-IS observes the Traffic Light Protocol (TLP) and handles information
labeled as CLEAR, GREEN, AMBER, AMBER+STRICT and RED accordingly.
CERT-IS will use information provided to help mitigate security incidents, as
all CERTs do. CERT-IS will respect TLP and other confidentiality labels but
reserves the right to act on all actionable indications of threats and malicious
behavior that can be of threat to the constituency. Information will be
anonymized as far as practical and disseminated on a need-to-know basis. Please
state clearly in communications if you object to this practice and wish to
impose stricter limitations on dissemination. CERT-IS will respect your policy
but will also point out if that means that CERT-IS cannot act on the information
provided.
CERT-IS is obliged by law to notify the National Commissioner of the Icelandic
Police as well as the National Cyber Security Council
of incidents and risks that may lead to serious impact on critical
infrastructure, national security or the general public.
CERT-IS is obliged to notify the relevant authorities of critical incidents
reported by operators of essential services and digital services providers under
the provisions of law 78/2019.
CERT-IS operates under the restrictions imposed by Icelandic law.
4.3 COMMUNICATION AND AUTHENTICATION
Usage of PGP/GnuPG or other pre-approved, cryptographic means is highly
recommended in cases where sensitive information is submitted to CERT-IS, both
for signing and encryption. In particular, use of PGP keys is highly recommended
when sending material labeled as TLP:AMBER or higher to CERT-IS. Please advise
CERT-IS of your public PGP keys if you wish to receive encrypted communications
from CERT-IS. Please contact CERT-IS if you are unable or not willing to use PGP
encrypted e-mail communications for advice regarding secure exchange of
sensitive information.
CERT-IS reserves the right to verify the authenticity of information provided
and/or sources by any legal means. CERT-IS authenticates all communications by
signing with either the team key or by keys belonging to one of it’s staff.
5 SERVICES
5.1 REACTIVE SERVICES (INCIDENT RESPONSE, TRIAGE, CO-ORDINATION AND RESOLUTION)
CERT-IS triages and coordinates reported security incidents that involve its
constituents as defined in and for the prioritization of incidents.
CERT-IS reserves the right to reject or redirect any incident report that is
believed to be out-of-scope for its mandate. CERT-IS prioritizes incidents
according to the affected constituency and severity and reserves the right to
reject or handle at a best-effort basis any incidents received during periods of
high demand.
CERT-IS incident handling is limited to co-ordination, consultation and
information dissemination as needed to mitigate the immediate threat posed by a
cyber incident. Preventive or mitigating actions are the responsibility of the
owners/operators of the affected systems, whether or not those parties are
constituents. CERT-IS offers support and advice as requested. CERT-IS is not
responsible for implementation of recommended preventive or mitigation
measures.
CERT-IS may additionally handle incident forensics as part of it’s SOC services
provided to select eligible and contracted constituents. The constituent has the
responsibility of acquiring and providing any equipment or data or access to
thereof to assist in the forensics process.
5.2 PROACTIVE SERVICES
CERT-IS proactively advises their constituents regarding vulnerabilities and
cyber security threats and trends. Reports are produced on a regular basis and
disseminated to a) the public, b) groups of constituents, c) national cyber
security council and the national security council or d) individual
constituents. Reports may be restricted in accordance with TLP as appropriate.
CERT-IS is not responsible for the implementation of recommended policies.
CERT-IS contributes to public cybersecurity awareness by producing public
advisories and cooperating with public interest groups.
6 INCIDENT REPORTING FORMS
Please report incidents in plain text via e-mail (PGP encrypted if possible) or
by phone. Operators of essential services and digital services providers can
utilize an electronic form available at
https://cert.is/leidbeiningar-i-atvikum/tilkynna-atvik/ or alternatively
https:/oryggisatvik.island.is to report incidents.
7 DISCLAIMERS
While every precaution is taken in the preparation of information, notifications
and alerts, CERT-IS assumes no responsibility for errors or omissions, or for
damages resulting from the use of information contained within.
PGP númer afritað! ×
* Sími:
* Tilkynningar:
* Netfang:
* Heimilisfang:
* PGP:
* (+354) 510 1500
* (+354) 510 1540
* cert@cert.is
* Suðurlandsbraut 4, 108 Reykjavík
* Sýna PGP fingrafar
BF14 84D3 1D39 9C9F 2C70 9054 3938 E161 13E9 308B
* © Netöryggissveitin
* Kt.: 570397-2499 (Fjarskiptastofa)
* Persónuverndarstefna
* Um okkur
* Hlutverk
* Skipurit
* Sviðshópar
* Þjónusta
* Saga
* Lög og reglur
* RFC-2350
* Hafa samband
* Fréttir og tilkynningar
* Fréttasafn
* Fræðsla
* Hvað er netglæpur?
* Hefur lykilorðið mitt lekið?
* Vefveiðar
* Fyrir einstaklinga
* Fyrir fyrirtæki
* Skýrslur og útgefið efni
* Ársskýrslur
* Október 2022
* Leiðbeiningar í atvikum
* Tilkynna atvik
* Fyrstu viðbrögð í atvikum
* Fyrirtæki í atvikameðhöndlun
* Tilkynningar um atvik og áhættu
* TLP skilgreining
* Samstarf með Almannavörnum
* Skyldutilkynningar
* Alvarleikamat
* Tilkynna atvik
* Um okkur
* Hlutverk
* Skipurit
* Sviðshópar
* Þjónusta
* Saga
* Lög og reglur
* RFC-2350
* Hafa samband
* Fréttir og tilkynningar
* Fréttasafn
* Fræðsla
* Hvað er netglæpur?
* Hefur lykilorðið mitt lekið?
* Vefveiðar
* Fyrir einstaklinga
* Fyrir fyrirtæki
* Skýrslur og útgefið efni
* Ársskýrslur
* Október 2022
* Leiðbeiningar í atvikum
* Tilkynna atvik
* Fyrstu viðbrögð í atvikum
* Fyrirtæki í atvikameðhöndlun
* Tilkynningar um atvik og áhættu
* TLP skilgreining
* Samstarf með Almannavörnum
* Skyldutilkynningar
* Alvarleikamat
* Tilkynna atvik