Red Hat Information Security Incident Response Team RFC 2350 Profile

RED HAT INFORMATION SECURITY INCIDENT RESPONSE TEAM (HEREAFTER RH-ISIRT) RFC 2350 PROFILE

 

1. Document Information

This document is compliant with RFC 2350.

1.1. Date of Last Update

This is version 1.2 as of November 18, 2022.

1.2. Distribution List for Notifications

There is no distribution list for notifications.

Please inquire about updates via the RH-ISIRT email address: infosec@redhat.com

1.3. Locations where this Document May Be Found

The current version of this profile is available at https://www.redhat.com/en/trust/RFC-2350

1.4. Expiration

This document shall remain valid until superseded by a later version.

 

2. Contact Information

2.1. Name of the Team

Full name: Red Hat Information Security Incident Response Team

Short name: RH-ISIRT

2.2. Address

Red Hat Information Security Incident Response Team
Red Hat, Inc.
100 E. Davie St.
Raleigh, NC 27601
United States

2.3. Time Zone

RH-ISIRT's core office locations and timezones are Brisbane, Australia (AEST UTC +1000), Brno, Czechia (CET, UTC +0100 / CEST, UTC +0200) and Raleigh, NC USA (EST, UTC -0500 / EDT, UTC -0400)

24x7 coverage via emergency contact telephone listed in section 2.4.

2.4. Telephone Number

RH-ISIRT emergency telephone number: +1-919-890-8888

2.5. Facsimile Number

Not applicable.

2.6. Other Telecommunication

Not applicable.

2.7. Electronic Mail Address

Incident reports should be sent to infosec@redhat.com.

2.8. Public Keys and Encryption Information

Please encrypt sensitive emails with the RH-ISIRT public key.

PGP Key ID: 0x50EB9D550CFE2855

PGP Fingerprint: A92DF9F915995C7419045F6C50EB9D550CFE2855

Key Available for download: https://keys.openpgp.org/vks/v1/by-fingerprint/A92DF9F915995C7419045F6C50EB9D550CFE2855

Please include a public key on all messages, or use a key that can be downloaded and verified from well-known public PGP keyservers

2.9. Team Members

No public information will be disclosed about RH-ISIRT members.

2.10. Other Information

For additional information about Red Hat’s Product Security Team, (distinct from RH-ISIRT), please visit: https://access.redhat.com/security/overview/

RH-ISIRT is listed by the Trusted Introducer (TI) for CERTs in Europe: https://www.trusted-introducer.org/directory/teams/rh-isirt.html

RH-ISIRT is a member of Forum of Incident Response and Security Teams (FIRST): https://first.org/members/teams/rh-isirt

2.11. Points of Customer Contact

The preferred method for contacting RH-ISIRT is email.

For all inquiries please contact infosec@redhat.com

For emergency situations, contact RH-ISIRT at +1-919-890-8888

The RH-ISIRT is generally available Sunday, 23:00 UTC through Friday 1900 UTC, excluding holidays.

 

3. Charter

3.1. Mission Statement

The Red Hat Information Risk and Security Team (parent organization of RH-ISIRT) ensures Red Hat systems are resilient and secure, that processes are inline with global industry standards and regulations, and are regularly tested.

3.2. Constituency

RH-ISIRT helps safeguard Red Hat Associates, business partners, Red Hat Customers and Red Hat owned businesses. Additionally, RH-ISIRT can act as a liason into many Open Source communities and upstream projects, including but not limited to: jboss.org, centos.org, fedoraproject.org, gluster.org, and ceph.org.

3.3. Sponsorship and/or Affiliation

RH-ISIRT is a global team of information security professionals, that serve Red Hat’s corporate functions. This organization reports to Red Hat’s Chief Information Officer, who is a member of Red Hat’s executive management.

3.4. Authority

RH-ISIRT operates under the authority of Red Hat IT, and Red Hat Legal.

 

4. Policies

4.1. Types of Incidents and Level of Support

All incidents are considered normal priority unless they are labeled "CRITICAL", "URGENT" or "EMERGENCY".

Exercises or communication testing emails should be labeled "EXERCISE" or "TEST".

4.2. Co-operation, Interaction, and Disclosure of Information

All incoming information is handled confidentially by RH-ISIRT.

When reporting a sensitive incident, please indicate so appropriately, using the words "SENSITIVE" or "CONFIDENTIAL" in the subject line, and please consider using encryption as specified in section 2.8.

RH-ISIRT adheres to the Information Sharing Traffic Light Protocol according to the FIRST Standard Definitions and Usage Guidance: https://www.first.org/tlp/

Information tagged with identifiers in the TLP will be handled accordingly.

Red Hat abides by appropriate regional data protection and privacy laws as applicable.

4.3. Communication and Authentication

Please refer to section 2.8. For sensitive information, the use of PGP encryption is strongly advised.

 

5. Services

5.1. Incident Response

RH-ISIRT can assist system, network, and security operators with the handling of Information Security Incidents, impacting, or originating from Red Hat owned properties.

5.2. Coordination with external Entities

RH-ISIRT participates in external security working communities, regionally, nationally and globally. Examples of this include RH-ISIRT membership in FIRST, team member participation in InfraGard, and other working groups both public and private.

 

6. Incident Reporting Forms

Not available; please report incidents via email. When reporting issues / incidents to RH-ISIRT, please provide as much of the following information as possible:

Contact details and Org information

Brief Description of the issue or incident

Source and Destination IP Addresses if known

Any relevant logging or evidence which may be available (may be sanitized, if needed)

If forwarding an email to RH-ISIRT for investigation, please ensure that all email headers, message body, and attachment(s) are included.

 

7. Disclaimers

None.