-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

1. Information about this document 
  
1.1 Last update date
Version 2.1, published on 2009/09/28. 

1.2 Distribution list for notifications 
There is no distribution channel to notify changes on this document. 
  
1.3 Access to this document 
The updated version of this document can be found 
at http://www.cert.pt/files/docs/rfc2350_en.txt. 
A Portuguese version can be found 
at http://www.cert.pt/files/docs/rfc2350_pt.txt. 

1.4 Authenticity of this document 
This version of CERT.PT service description is signed with CERT.PT’s PGP 
key. The signature can be found at
http://www.cert.pt/files/docs/rfc2350_pt.txt.sig or inline in this
document. 

2. Contact Information 
  
2.1 Team Name 
CERT.PT 
  
2.2 Postal Address 
FCCN / CERT.PT 
Apartado 50435 
1700-001 Lisboa 
Portugal 
  
2.3 Time Zone 
Portugal / WEST (GMT +0, GMT +1 during summertime) 
  
2.4 Phone number 
+351 218440177 
  
2.5 Fax number
+351 218440185 
  
2.6 E-mail 
report@cert.pt 
  
2.7 Other types of telecommunications 
Nonexistent. 
  
2.8 Public keys and encryption information 
CERT.PT’s PGP key has the KeyID number 0xC523AAE7 and its fingerprint is
342A 17BA DF71 E193 6871 0357 8BDE A247 C523 AAE7. This key can be found at
the usual key servers on the Internet such as www.keyserver.net or
pgp.mit.edu. 
  
2.9 Team Members 
Team leader: Lino Santos 
Members: Gustavo Neves, Luis Morais, Danilo Torres and Filipa Macieira 
Legal advice: Miguel Andrade and Marta Dias 
  
2:10 Further information 
Further information about CERT.PT can be found at http://www.cert.pt/ 
  
2:11 Types of contact for users 
CERT.PT has the following types of contact (in order of preference):
Web Form available at
http://www.cert.pt/en/index.php?option=com_mad4joomla&jid=1&Itemid=11
Email report@cert.pt; 
Phone +351 218440177, and 
Fax +351 218440185. 

3. Charter
  
3.1 Mission Statement
CERT.PT's mission is to contribute to the national cibersecurity effort, 
namely, in the treatment and coordination of security incidents, production
 of security related alerts and recommendations and in the promotion 
of a cybersecurity culture in Portugal.
  
3.2 Constituency
CERT.PT provides incident handling for the Portuguese NREN - RCTS. 
The IP addresses ranges within the scope of CERT.PT are:
- - 139.83/16
- - 193.136/16
- - 193.137/16
- - 194.210/16
- - 194.117.0.0/20
- - 194.117.16.0/21
- - 194.117.40.0/21
- - 194.117.48.0/23
- - 2001:690:: / 32
Moreover CERT.PT provides an incident coordination service for the
portuguese IP
address space, in particular with entities with wich it has formal
agreements.
  
3.3 Sponsorship and/or Affiliation 
CERT.PT is a service provided within RCTS - Science, Technology and Society
Network. 
  
3.4 Authority 
CERT.PT is a service provided within RCTS - Science, Technology and Society
Network. Its authority is defined within its AUP. 

4. Policies 
  
4.1 Types of incidents and level of support 
CERT.PT responds to all types of security incidents, particularly those
that result in a Security Violation of one of the following types: Computer
Fraud, Interference on Information System, Illegitimate access to
information system, Data Interference, Unauthorized collection of
information on information system, Copyright Violation, unsolicited E-mail
or Any other security breach. 
The support level provided by CERT.PT varies depending on the type,
severity and context of ongoing incidents and the resources available for
its treatment. In normal operating conditions an objective of CERT.PT is to
provide initial response within one business day. 
  
4.2 Cooperation, interaction and privacy policy 
CERT.PT’s privacy and data protection policies states that sensitive
information can be given to third parties, but only in cases of genuine
need and with prior approval of the individual or entity to whom this
information concerns. 
  
4.3 Communication and Authentication 
- - From the range of communication facilities provided by CERT.PT, phone and
unencrypted email is considered sufficient for the transmission of
non-sensitive information. For the transmission of sensitive information
the use PGP encryption is required.

5. Services 
  
5.1 Incident Handling
The treatment of computer security incidents is the main service provided
by CERT.PT. The term computer security incident refers to any action or set
of actions taken against a computer or computer network that results or may
result in loss of confidentiality, integrity or performance of a
communication network or computer system, in particular, unauthorized
access, alteration or removal of information, interference or denial of
service in the computer system. CERT.PT treats computer security incidents
in the context of the RCTS - Science, Technology and Society Network user
community, i.e. incidents where the source or target of the attacks is
within the RCTS. To incidents outside this framework, CERT.PT has a
incident coordination service. 

5.2 Incident Coordination
Upon request, CERT.PT provides a Incident Coordination service that
typically involves the victims of the attacks, ISPs and other CSIRTs when
necessary. The incident coordination includes support to the analysis of
the incident, collection of information about other potential victims and
communication with them or with their CSIRTs. The incident coordination
service is carried out for the National CSIRT Network and other incidents
within the portuguese territory. 
  
5.3 Alert Dissemination
CERT.PT assembles a set of information received from several well-known
sources, assesses its relevancy and translates it to Portuguese. Depending
on the degree of severity, analyzed information may cause a security alert,
a recommendation or a simple report in the portal http://www.cert.pt/. 
  
5.4 New CSIRT promotion
CERT.PT also has a service to promote the creation of new computer security
incidents response teams in Portugal. This service includes training on the
subject of incident response, the promotion of the subject in relevant
forums and the support for new team early stages. 

6. Incident form 

The privileged channel for reporting security incidents is through the Web
form available at
http://www.cert.pt/en/index.php?option=com_mad4joomla&jid=1&Itemid=11. 

7. Safety responsibility 

Although every precaution is taken in the preparation of information
disseminated in our Internet portal or through the distribution lists,
CERT.PT assumes no responsibility for errors or omissions, or damages
resulting from use of this information.


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.1 (Build 287)
Charset: utf-8

wsFVAwUBSwUzsYveokfFI6rnAQhK2hAAlIcUX9wVi2JrH8YxJAeH6aBbGIDvyQJ9
0Hg7zzf8GSQJ52IPxwqLs9g9u/kR7Db12wW1HUan/yk5NIpncbt0tonL7mC0jHnp
2+TjWFJM1mohL37RMjZTbZQ1wToe4JnvaQqVzG81QIyzh2qErHQ4KnEpYFWxr/4G
P9dgYSJhxyAYkkEg0s93lOeNN9qN9TPUDX+qTGZpu4yA1xtZo7/awdmVsTLbNFjB
7Mt3uEf/CE+xzAAJnk1Qs6Y7KWgahI3kmG3ILyiJDqSSMdmgUqmg+qMvPQUvy0ct
9WPhRDKYuKExy7/iKnIkFgjFsbftgArDkC6z7fzUuOy+BhKHZxe4pp8obuFpNP3f
WH0UVMR8NbFvzdyg2jeOr8jeAR+91MY1a8wb7+w2jzFs6QIdBdpDAZD6eYUDaSAk
wvSS/CXHp1XB8bZlKJnWBkbhQTx43h/6UZRwnIRwQR8jsj3lB6sp70O//64OdFqQ
ZRPN14oKanqcW/cVHH71sj2LGbg2yrpcOwSsGCSoSjBYaqEN8fK0hgl1K4t7JG6y
WgG71WCmljzK5Gr3GOgR3amI/W/SeL9U5DbWB2nHzl5mwKWSLMlkdlj4ADZkTEkO
BPG6uqB+7Ytr+Rb5gaW9blF4OQFrhki4D0PgmjqSqOd/efhZ46ufG6+nswd5YMxj
WS50J8sg15g=
=kLk1
-----END PGP SIGNATURE-----