About RFC 2350
The RFC 2350 provides a way to structure information about a computer security incident response team in a standardized form. This enables different teams to communicate more easily, gain information about each others services and constituencies. Changes to the document will be considered official only once they are committed to this page and the downloadable version.
1. Document Information
This document contains information about CERT RS, and is structured according to RFC 2350. Information shared in this document describe the responsibilities, services, and other information about CERT RS.
1.1 Date of last update
This document was last updated on 27.05.2019.
1.2 Distribution list for notifications
There is no distribution list for notifications.
1.3 Locations where this document may be found
The current version of this document is available at the CERT RS web page – https://certrs.org/rfc-2350-2/, or https://certrs.org/en/rfc-2350/ for the english version .
2. Contact information
2.1 Name of the team
“CERT RS” : Republic of Srpska national CERT
Trg Republike Srpske 1
78000 Banja Luka
Republika Srpska, Bosna and Herzegovina
2.3 Time zone
The time zone of CERT RS is the Central European Time (CET) which is GMT+0100 (+0200 during day-light saving time).
2.4 Telephone number
+387 51 339 743
2.5 Fascimilie number
+387 51 339 776
2.6 Other telecommunication
2.7 Electronic mail address
All incident reports should be sent to reports(at)certrs.org, non-incident related mail should be sent to firstname.lastname@example.org.
2.8 Public keys and encryption information
For encrypted communication CERT RS uses PGP with the key signature:
E9DD 2535 3A33 1910 DD8D 35E9 1F24 C94D 3771 8653.
2.9 Team members
Team members will identify themselves in official communication with their full name.
2.10 Other information
2.11 Points of customer contact
The primary communication method with CERT RS is via email at cert(at)certrs.org. Alternatively CERT RS can be reached at +387 51 339 743 via telephone. Working hours for CERT RS are 08:00 to 16:00 monday to friday except holidays. In an emergency situation CERT RS can respond to emails outside of business hours.
3.1 Mission statement
The primary mission of CERT RS is the coordination of computer security incident prevention, incident response and general protection of the cyber space of the Republic of Srpska.
CERT RS is the national computer security incident response team of the Republic of Srpska and its constituency consists of all the networks and users located in the Republic of Srpska.
3.3 Sponsorship and/or affiliation
CERT RS operates within the Ministry for Scientific and Technological Development, Higher Education, and Information Society.
The authority of CERT RS is defined by the Law on information security of the Republic of Srpska.
4.1 Types of incidents and level of support
CERT RS will respond to all computer security incident reports. The level of support for a given computer security incident depends on the type of incident, its severity, the completeness of information available in the incident report, as well as the teams workload at the time.
4.2 Co-operation, interaction and disclosure of information
All information shared with CERT RS is labeled using TLP. By default the exchanged information is classified as TLP:AMBER. The information can be otherwise classified explicitly, more information on that can be found at the TLP page of the CERT RS website (https://certrs.org/traffic-light-protokol/ or, https://certrs.org/en/traffic-light-protocol/ for the english version).
CERT RS can share information about computer security incidents that contain criminal elements to the Ministry of Interior of the Republic of Srpska. In cases where information obtained in handling an incident can help prevent future incidents, CERT RS will share relevant technical information omitting details about the incident reporter. Statistical information will be shared at the discretion of CERT RS. In all other cases information is only shared when presented with a court order.
4.3 Communication and authentication
Communication vie email is preferred and in situation where highly sensitive information is exchanged usage of PGP/GPG is supported with the CERT RS public keys available at https://certrs.org/pgp-gpg/ or https://certrs.org/en/pgp-gpg for the english ersion. CERT RS is also reachable by telephone.
5.1 Incident response
CERT RS offers help in handling computer security incidents to all its constituents on technical as well as organisational matters.
5.1.1 Incident triage
- Investigating whether an incident has really occurred or if it was a false positive.
- Determining the extent of an incident.
5.1.2 Incident coordination
- Determining the root cause of the incident.
- Facilitating contact with other sites which may be involved.
- Facilitating contact with the appropriate law enforcement officials, if necessary.
- Communicating with other CSIRT teams if needed.
5.1.3 Incident resolution
- Providing advice to help remove the root cause of the incident and contain the damage.
- Evaluating the cost effectiveness of certain actions relating to incident handling.
- Providing assistance with evidence collection or analysis when needed.
5.2 Proactive activities
CERT RS aims to improve the state of information security in the Republic of Srpska by activities which enable its constituents to better protect themselves and prevent the occurrence of information security incidents. Some of the activities to achieve this are:
- Publishing advisories on information relevant to its constituents via website, email, and other means.
- Providing e-services to relevant stakeholders to enable faster information exchange and analysis.
6. Incident reporting forms
The form for reporting a computer security incident can be found at https//certrs.org/prijava-incidenta, or https://certrs.org/en/report-an-incident/ for the english version.
While every precaution will be taken in the preparation of information, notification and alerts, CERT RS assumes no responsibility for errors or omissions, or for damages resulting form the use of the information contained within.