CSIRT Description for CERT-CDCFR

1. Document Information
This document contains a description of CERT-CDCFR according to RFC 2350. It provides information about the CERT, how to contact the team, and describes its responsibilities and the services offered by CERT-CDCFR - Caisse des dépôts.

1.1 Date of Last Update
This version was last updated on 2023-06-26.

1.2 Distribution List for Notifications
There is no distribution list for notifications.

1.3 Locations where this Document May Be Found
The current version of this document can be found at:
https://cert.caissedesdepots.fr/CERT/RFC2350-CERT-CDCFR.txt

1.4 Document Authenticity
This document can be retrieved from our webserver using TLS/SSL also signed by the CERT PGP certificate:
https://cert.caissedesdepots.fr/CERT/RFC2350-CERT-CDCFR.txt.sig

2. Contact Information
This section describes how to contact CERT-CDCFR.

2.1 Name of the Team
CERT Caisse des dépôts
Short name : CERT-CDCFR

2.2 Address
CERT Caisse des Dépôts
Informatique CDC
DG Sécurité
4 rue Berthollet
94110 Arcueil

2.3 Time Zone
CEST / Central European Summer Time,

2.4 Telephone Number
+33 (0)6 07 34 86 54

2.5 Facsimile Number
None available.

2.6 Other Telecommunication
None.

2.7 Electronic Mail Address
CERT@caissedesdepots.fr

2.8 Public Keys and Encryption Information
Our current PGP-Key may be obtained by sending a request by mail for that at cert@caissedesdepots.fr
    Key ID : 0x6EC7A597
    Fingerprint : 0751 243A 3B2A 2610 A654 C490 C740 D270 6EC7 A597

2.9 Team Members
The Team leader is Etienne Baudin. The team consists of IT security analysts.

2.10 Other Information
The CERT-CDCFR Portal is available at: https://cert.caissedesdepots.fr

2.11 Points of Customer Contact
CERT-CDCFR prefers to receive incident reports via e-mail. Please use our cryptographic keys above to ensure integrity and confidentiality.
CERT-CDCFR's hours of operation are restricted to regular business hours (09:00-18:00 Monday to Friday), all year long.

3. Charter
Within this section our mandate is described.

3.1 Mission Statement
CERT-CDCFR's mission is to coordinate and investigate IT security incident response for the Caisse des Dépots organization.
The CERT-CDCFR will investigate any security incident that may involve the CDC group entity as a source or target of an attack or any cyber-threat.

3.2 Constituency
Our constituency is composed of Caisse des Dépôts and some subsidiaries.

3.3 Sponsorship and/or Affiliation
CERT-CDCFR is the Computer Security Incident Response Team (CSIRT) for the Caisse des Dépots Group.

CERT-CDCFR is accredited at TF-CSIRT and a member of InterCERT France (https://www.intercert-france.fr/).

3.4 Authority
We coordinate security incidents concerning our constituency.

4. Policies
This section describes our policies.

4.1 Types of Incidents and Level of Support
CERT-CDCFR addresses all kinds of security incidents which occur, or threaten to occur, within its constituency.

The level of support depends on the type and severity of the given security incident, the amount of affected entities within our constituency, and our resources at the time.
Usually our first response comes on the same working day during working hours, if not it will be on the following working day.

4.2 Co-operation, Interaction and Disclosure of Information

CERT-CDCFR will exchange all necessary information with other CSIRTs as well as with other affected parties if they are involved in the incident or incident response process.

No incident or vulnerability related information will be given to anyone else. French law enforcement personnel requesting information in the course of a criminal investigation will be given the requested information within the limits of the court order and the criminal investigation, if they present a valid court order from a French court.

4.3 Communication and Authentication

All e-mails sent to the CERT CDCFR should be signed using PGP. All e-mails containing confidential information should be encrypted and signed using PGP. Information received in encrypted form should not be stored permanently in unencrypted form.

For other communication, a phone call, postal service, or unencrypted e-mail may be used.
CERT-CDCFR supports the Information Sharing Traffic Light Protocol (TLP).

5. Services
This section describes the services CERT-CDCFR offers.

5.1 Reactive Activities
The team offers the following services :
- Incident analysis
- Incident response support
- Incident response coordination
- Digital Forensics

5.2 Proactive Activities
The team offers the following services :
- Intrusion detection services
- Threat Intelligence
- Security Watch
- Awareness building


6. Incident Reporting Forms

We do not have an incident reporting form. Please report security incidents via encrypted e-mail to cert@caissedesdepots.fr.
Vulnerability disclosure shall be declared at https://vdp.caissedesdepots.fr/.

Incident reports should contain the following information:
    Incident date and time (including time zone)
    Source IPs, ports, and protocols
    Destination IPs, ports, and protocols
    And any relevant information

7. Disclaimers

This document is provided 'as is' without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

If you notice any mistakes within this document please send a message to us by e-mail. We will try to resolve such issues as soon as possible.