SIRTFI

What is SIRTFI?

SIRTFI (Security Incident Response Trust Framework for Federated Identity) provides a lightweight framework to request and provide security incident response assistance, publish security incident contact information and review your service’s security incident capability.

Why does my organisation need to use SIRTFI?

SIRTFI is an important global framework covering good practice for communicating about security incidents in an effective and timely manner. SIRTFI helps security contacts know who to contact in other organisations and the best channels to use. The SIRTFI framework is an initiative of REFEDS.

How does my organisation assert SIRTFI?

• Step 1: Read and understand the SIRTFI framework requirements.
  - Go to SIRTFI
  - View the SIRTFI Framework
• Step 2: Self-assess your organisational capability against the SIRTFI requirements
• Step 3: Provide your security contact information to the AAF to share with security contacts in other federations.
  - Update your contact details in Federation Manager or contact AAF Support
  - Notify AAF Support that you have met the SIRTFI requirements.
• Step 4: Notify AAF Support when contact details change.

SIRTFI Framework

The SRTFI framework requires organisations to self-assess against the following areas:

Traffic Light Protocol

Organisations within the SIRTFI community agree to provide a coordinated response to security incidents, including assisting other organisations as required. SIRTFI requires organisations to understand and use the Traffic Light Protocol (TLP) for security incident communications. For more information about TLP, go to the Cybersecurity & Infrastructure Security Agency