RFC-2350

CERT.GOV.AZ RFC 2350

1. Document Information
   This document describes CERT.GOV.AZ in accordance with RFC 2350.

   1.1 Date of Last Update
       Version 1.3 published on 16.03.2020

   1.2 Distribution List for Notifications
       Notifications about changes in this document are spread through our mailing list  info[at]cert[dot]gov[dot]az

   1.3 Locations where this Document May Be Found
       The current version of the given document is accessible through a CERT.GOV.AZ’ web site:
       http://www.cert.gov.az/cert.gov.az-rfc2350.txt

The last version of the document also can be received on demand on info[at]cert[dot]gov[dot]az

2. Contact Information

   2.1 Name of the Team
       CERT.GOV.AZ: Azerbaijan Government CERT (eng).
       CERT.GOV.AZ: Azərbaycan Dövlət KİMM (aze).

   2.2 Address
	Special Communication & Information Security State Service of Azerbaijan
	Azerbaijan Government CERT
	Niyazi str, 23
	Baku, Azerbaijan

   2.3 Time Zone
       Asia/Baku (GMT+4)

   2.4 Telephone Number
       +994 12 435 28 25

   2.5 Facsimile Number
       +994 12 435 28 31

   2.6 Other Telecommunication
       None.

   2.7 Electronic Mail Address
       info@cert.gov.az
       v.q@cert.gov.az

   2.8 Public Keys and Encryption Information
       CERT.GOV.AZ uses PGP for digital signatures and to receive encrypted information. The key is available on PGP/GPG key servers (http://keyserver.pgp.com) and at http://www.cert.gov.az/cert-gov-az-pgp.asc.
       Information about the key:

       Pub RSA-2048/0x31A8218B
       Key fingerprint = 9DB0 6BB5 58AF DBAC BA66 781E 29E2 BE0D 31A8 218B
       Uid Info < info[at]cert[dot]gov[dot]az>
	   
       Pub RSA-2048/0x5E1C091C
       Key fingerprint = 637E 7EB4 3BF5 AE63 A53A C4BE 37AD A99F 5E1C 091C
       Uid Info < v.q[at]cert[dot]gov[dot]az>

   2.9 Team Members
        Tural Mammadov is the Chief of Azerbaijan Government CERT.  A full list of other members is not publicly available.

   2.10 Other Information
        General information about CERT.GOV.AZ in English language is available at http://www.cert.gov.az/pages2/about.html. Information in Azerbaijan language is available at http://www.cert.gov.az/az/pages1/haqqımızda.html.

   2.11 Points of Customer Contact
        The preferred method of contacting CERT.GOV.AZ is via e-mail at info@cert.gov.az.
        If for any reasons (for example, for safety reasons) use of e-mail is impossible, CERT.GOV.AZ is available by phone (during an operable time).
        CERT.GOV.AZ operable time: from 09:00 till 18:00 in the working days.
        Outside of an operable time the member of group regularly checks the mentioned e-mail address.

3. Charter

   3.1 Mission Statement
       CERT.GOV.AZ offers assistance in computer and network security incident handling and provides incident coordination functions for all incidents involving systems and networks located in state sector of Azerbaijan Republic.

   3.2 Constituency
       Constituency of CERT.GOV.AZ – all networks and the users allocated in state sector of the Azerbaijan Republic.

   3.3 Sponsorship and/or Affiliation
        Parent organization for CERT.GOV.AZ is the Special Communication and Information Security State Service of the  Azerbaijan Republic.

   3.4 Authority
	CERT.GOV.AZ operates with the authority delegated by Special Communication and Information Security State Service of the Azerbaijan Republic. The group has no powers to stop activity of this or that resource within the competence, but for the decision of corresponding questions reserves the right to itself for their transfer on consideration in corresponding law enforcement bodies.

4. Policies

   4.1 Types of Incidents and Level of Support
       CERT.GOV.AZ operates with following computer incidents. Support level depends on incident and its type and is determined by members of group.
       Violation of working potential of basic nodes of a network and resources of the big servers, attacks which can cause crash of the system information;
       The network attacks directed on obtaining (increase) of privileges;
       Attacks as DoS (Denial of Service) and DDoS, directed on information resources of state structures and separately taken hosts;
       Purposeful sending of viruses; destruction of systems of protection of information networks, including application of harmful programs (sniffer, rootkit, keylogger etc.);
       Scanning of national information networks and hosts;
       Search or interception of passwords and other authentication information;
       Unapproved usage of information resources.

   4.2 Co-operation, Interaction and Disclosure of Information
       CERT.GOV.AZ gives a guarantee to the suffered person about nondisclosure of the information, received during investigation of given incident, to the third party.

   4.3 Communication and Authentication
       Preferable method of communication is via e-mail. When the content is considered sensitive enough or demands authenticity check, CERT.GOV.AZ uses PGP key for signing e-mail messages. All sensitive communication to CERT.GOV.AZ should be encrypted by the team’s PGP key. Alternative methods can be agreed by phone.

5. Services

   5.1 Incident Response
       CERT.GOV.AZ will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

       5.1.1. Incident Triage
              investigating whether indeed an incident occurred;
              determining the extent of the incident.

       5.1.2. Incident Coordination
              determining the initial cause of the incident (the used vulnerability);
              facilitating contact with other sites which may be involved;
              making reports to other CERT/CSIRT teams;
              composing announcements to users, when applicable.

       5.1.3. Incident Resolution
              removing the vulnerability;
              liquidation of consequences of incident;
              evaluating of possible additional actions taking into account their cost and risk;
              provide assistance in evidence collection and data interpretation when needed.
              In addition, CERT.GOV.AZ will collect statistics concerning incidents and will notify the community as necessary to assist it in protecting against known attacks.

   5.2    Proactive Activities
          Information services:
          CERT.GOV.AZ publishes advisories for events and incidents that are considered of special importance to users in the constituency. Information is disseminated via various channels (web, RSS feeds, mailing lists etc).
          Training services:
          Members of CERT.GOV.AZ periodically hold seminars on various aspects of information and network security.

6. Incident Reporting Forms
   Incidents can be send via - ticketing system, e-mail and incident submit form (https://cert.gov.az/en/report).
   
7. Disclaimers
   While every precaution will be taken in the preparation of information, notifications and alerts, CERT.GOV.AZ assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.