CERT.GOV.AZ RFC 2350

1. Document Information

This document describes CERT.GOV.AZ in accordance with RFC 2350.

1.1 Date of Last Update

Version 1.3 published on 16.03.2020

1.2 Distribution List for Notifications

Notifications about changes to this document are distributed through our mailing list info[at]cert[dot]gov[dot]az

1.3 Locations where this Document May Be Found

The current version of this document is available on the CERT.GOV.AZ web site: http://www.cert.gov.az/cert.gov.az-rfc2350.txt

The latest version of the document can also be obtained on request from info[at]cert[dot]gov[dot]az

2. Contact Information

2.1 Name of the Team

CERT.GOV.AZ: Azerbaijan Government CERT (eng).
CERT.GOV.AZ: Azərbaycan Dövlət KİMM (aze).

2.2 Address

Special Communication & Information Security State Service of Azerbaijan
Azerbaijan Government CERT
Niyazi str, 23
Baku, Azerbaijan

2.3 Time Zone

Asia/Baku (GMT+4)

2.4 Telephone Number

+994 12 435 28 25

2.5 Facsimile Number

+994 12 435 28 31

2.6 Other Telecommunication

None.

2.7 Electronic Mail Address

info@cert.gov.az
v.q@cert.gov.az

2.8 Public Keys and Encryption Information

CERT.GOV.AZ uses PGP for digital signatures and to receive encrypted information. The key is available on PGP/GPG key servers (http://keyserver.pgp.com) and at http://www.cert.gov.az/cert-gov-az-pgp.asc.

Information about the key:

Pub RSA-2048/0x31A8218B
Key fingerprint = 9DB0 6BB5 58AF DBAC BA66 781E 29E2 BE0D 31A8 218B
Uid Info <info[at]cert[dot]gov[dot]az>

Pub RSA-2048/0x5E1C091C
Key fingerprint = 637E 7EB4 3BF5 AE63 A53A C4BE 37AD A99F 5E1C 091C
Uid Info <v.q[at]cert[dot]gov[dot]az>

2.9 Team Members

Tural Mammadov is the Chief of Azerbaijan Government CERT. A full list of other members is not publicly available.

2.10 Other Information

General information about CERT.GOV.AZ in English is available at http://www.cert.gov.az/pages2/about.html. Information in Azerbaijani is available at http://www.cert.gov.az/az/pages1/haqqımızda.html.

2.11 Points of Customer Contact

The preferred method of contacting CERT.GOV.AZ is via e-mail at info@cert.gov.az. If for any reason (for example, for safety reasons) the use of e-mail is not possible, CERT.GOV.AZ can be reached by phone during operating hours.

CERT.GOV.AZ operating hours: from 09:00 till 18:00 on working days. Outside operating hours, a member of the team regularly checks the e-mail address mentioned above.

3. Charter

3.1 Mission Statement

CERT.GOV.AZ offers assistance in computer and network security incident handling and provides incident coordination functions for all incidents involving systems and networks located in the state sector of the Azerbaijan Republic.

3.2 Constituency

The constituency of CERT.GOV.AZ is all networks and users located in the state sector of the Azerbaijan Republic.

3.3 Sponsorship and/or Affiliation

The parent organization of CERT.GOV.AZ is the Special Communication and Information Security State Service of the Azerbaijan Republic.

3.4 Authority

CERT.GOV.AZ operates with the authority delegated by the Special Communication and Information Security State Service of the Azerbaijan Republic. The team has no power to stop the activity of any resource within its competence, but it reserves the right to refer such matters to the relevant law enforcement bodies for consideration.

4. Policies

4.1 Types of Incidents and Level of Support

CERT.GOV.AZ handles the following types of computer incidents. The level of support depends on the incident and its type and is determined by the members of the team.
- Violation of the working potential of basic network nodes and the resources of big servers, attacks which can cause a crash of the system information;
- Network attacks aimed at obtaining (increasing) privileges;
- DoS (Denial of Service) and DDoS attacks directed at the information resources of state structures and at individual hosts;
- Purposeful sending of viruses; destruction of the protection systems of information networks, including the use of harmful programs (sniffer, rootkit, keylogger etc.);
- Scanning of national information networks and hosts;
- Search for or interception of passwords and other authentication information;
- Unapproved usage of information resources.

4.2 Co-operation, Interaction and Disclosure of Information

CERT.GOV.AZ guarantees to the affected party that information received during the investigation of an incident will not be disclosed to third parties.

4.3 Communication and Authentication

The preferred method of communication is via e-mail. When the content is considered sensitive enough or requires an authenticity check, CERT.GOV.AZ uses its PGP key to sign e-mail messages. All sensitive communication to CERT.GOV.AZ should be encrypted with the team's PGP key. Alternative methods can be agreed by phone.

5. Services

5.1 Incident Response

CERT.GOV.AZ will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1.1. Incident Triage

- investigating whether an incident indeed occurred;
- determining the extent of the incident.

5.1.2. Incident Coordination

- determining the initial cause of the incident (the vulnerability used);
- facilitating contact with other sites which may be involved;
- making reports to other CERT/CSIRT teams;
- composing announcements to users, when applicable.

5.1.3. Incident Resolution

- removing the vulnerability;
- eliminating the consequences of the incident;
- evaluating possible additional actions, taking into account their cost and risk;
- providing assistance in evidence collection and data interpretation when needed.

In addition, CERT.GOV.AZ will collect statistics concerning incidents and will notify the community as necessary to assist it in protecting against known attacks.

5.2 Proactive Activities

Information services: CERT.GOV.AZ publishes advisories for events and incidents that are considered of special importance to users in the constituency. Information is disseminated via various channels (web, RSS feeds, mailing lists etc).

Training services: Members of CERT.GOV.AZ periodically hold seminars on various aspects of information and network security.

6. Incident Reporting Forms

Incidents can be sent via the ticketing system, e-mail and the incident submission form (https://cert.gov.az/en/report).

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CERT.GOV.AZ assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.