Version: 1.4
Date: January 12, 2024
This document contains a description of CERT.br according to RFC 2350.
January 12, 2024
There is no distribution list for notifications of new versions of this document.
The current version of this document can be found at https://cert.br/about/rfc2350/
For validation purposes, a GPG signed ASCII version of this document is located at https://cert.br/about/rfc2350/rfc2350-certbr.txt
The key used for signing is the CERT.br key as listed under 2.8.
Name in English:
CERT.br - Computer Emergency Response Team Brazil
Name in Portuguese:
CERT.br - Centro de Estudos, Resposta e Tratamento de Incidentes de
Segurança no Brasil
CERT.br/NIC.br
Av. das Nações Unidas, 11541, Cj 71/72
04578-000 - São Paulo, SP - Brazil
CERT.br is located in São Paulo, Brazil, UTC-0300. Brazil no longer observes daylight saving time.
Not applicable. CERT.br does not accept incident reports via telephone.
Not applicable.
iNOC-DBA: 22548*800
Incident reports should be sent to cert@cert.br.
CERT.br PGP Key has annual validity and the year's key is generated
in January. The Key information can be found at:
https://cert.br/contact/
CERT.br PGP Key can be found at:
https://cert.br/pgp/CERTbr.asc
No public information is provided about CERT.br members.
For additional information about how to contact CERT.br, see:
https://cert.br/contact/
CERT.br is a FIRST member, details at:
https://www.first.org/members/teams/cert-br
CERT.br is a TF-CSIRT member, Accredited by Trusted Introducer, details at:
https://www.trusted-introducer.org/directory/teams/certbr.html
To contact CERT.br regarding security incidents related to Brazilian networks send an email to <cert@cert.br>.
CERT.br operates from Monday through Friday, from 09:00h to 18:00h, UTC-0300.
To increase the level of security and incident handling capacity of the networks connected to the Internet in Brazil.
CERT.br provides incident analysis and coordination for any network that uses Internet Resources allocated by NIC.br, namely IP addresses or Autonomous Systems allocated to Brazil, and domains under the ccTLD .br.
CERT.br will always try to coordinated with more specific Brazilian CSIRTs and Security Teams. If none is available, it will do its best to locate the Autonomous System Responsible party.
Educational material is provided for the general public at these
addresses:
https://cartilha.cert.br/
https://internetsegura.br/
CERT.br is a NIC.br service to Brazil, it was created in 1997, by initiative of the Brazilian Internet Steering Committee (CGI.br). CGI.br is a multi-stakeholder organization, coordinated by the Government, that coordinates all Internet related activities in Brazil. Funding is solely provided by NIC.br (https://nic.br/).
The activities performed by CERT.br are in accordance to the CGI.br attributions, as defined in the Presidential Decree 4829[1], from 2003:
These activities are also in accordance to the NIC.br objectives, according to is Statute[2]:
References (in Portuguese):
1. https://cgi.br/pagina/decretos/108
2. https://nic.br/estatuto-nic-br/
CERT.br has no authority over its constituency, all activities are based on collaborative relationships with other entities.
CERT.br is a National CSIRT of Last Resort and provides a focal point for incident notification in the country, providing the coordination and necessary support for organizations involved in incidents, including:
CERT.br is also committed to keeping its constituency informed of new trends and threats. In this respect CERT.br maintains both a national and an international network of sensors, that provide data used to increase the capacity of incident detection, event correlation and trend analysis in the country.
CERT.br treats all information as confidential by default, but will use the information shared to help solve security incidents. Information might be distributed forward to other teams/organizations on a need-to-know basis. Information will be anonymised whenever it is feasible.
CERT.br adheres to the Information Sharing Traffic Light Protocol according to the FIRST Standard Definitions and Usage Guidance: https://www.first.org/tlp/. Information that is labelled with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.
For normal communication not containing sensitive information CERT.br uses conventional methods like unencrypted e-mail. Please refer to sections 2.7 and 2.8. For sensitive information, the use of PGP encryption is strongly encouraged. If it is necessary to authenticate a person before communicating, this can be done either through existing communities (e.g. FIRST, TI) or by other methods like call-back, mail-back or even face-to-face meeting if necessary.
CERT.br will provide assistance to other teams in handling the technical and organizational aspects of incidents.
CERT.br will help to validate the incident, as well as to assess it and prioritise it.
CERT.br encourages all teams to directly contact the most specific CSIRT or security team as possible, and to maintain CERT.br in the copy of the communication.
CERT.br will then:
The most valuable service we can provide is to act as an information hub, which knows where to send the right incident reports to in order to help and facilitate the resolution of security incidents.
Due to staffing levels we can not guarantee we can reply to all incident reports received. If the report was already sent to the best possible contacts, CERT.br will record the incident for statistical purposes, but it might not send any reply. If you haven't received any feedback to a report and need any action by CERT.br staff, please contact us again, clearly stating the type of help needed.
Auto-generated reports and data-feeds will be handled as automatically as possible.
As CERT.br is a coordinating team, this means we do not have any authority to enforce the request of takedowns, shutdowns or any other specific action. To the best of our ability we will:
CERT.br has several activities which aim to help our constituency to prevent as well as better handle computer security incidents:
There are no forms available. Please refer to section 2.7.
While every precaution is taken in the preparation of information and notifications, CERT.br assumes no responsibility for errors or omissions, or for damages resulting from the use of the information provided.
$Date: 2024/01/12 15:54:06 $