1. DOCUMENT INFORMATION
- 1.1. Date of last update
- This is version 2.0 as of December 9, 2024.
- 1.2. Distribution list for notifications
- Changes to this document are not distributed by a mailing list. Please send any specific questions or comments to contacto@csirt.gob.do
2. CONTACT INFORMATION
- 2.1. Team name
- National Cyber Incident Response Team, CSIRT-RD
- 2.2. Time zone
- UTC / GMT -4 hours
- 2.3. Other telecommunications
- No
- 2.4. Email
- Incident Report: incidentes@csirt.gob.do
- 3073 8B9F F322 05FA 60AD 59CB 92EB 51BD 373F 9423
- General Information: info@csirt.gob.do
- 2.5. Team members
- A complete list of CSIRT-RD team members is not publicly available. Team members will identify themselves to the reporting party by their full name in an official communication about an incident.
- 2.6. Other information
- General information on the services provided by CSIRT-RD and on the agency itself is published on the web portal cncs.gob.do
- 2.7. Customer contact points
- For any communication, please use the email info@csirt.gob.do. Our regular response schedule is every day of the week from 08:30am to 05:00pm. Outside these hours, the Shift Officer is available for incidents and can be contacted by email at incidentes@csirt.gob.do
3. CHARTER
- 3.1. Mission
- CSIRT-RD is the National Cyber Incident Response Team, attached to the National Cybersecurity Center (CNCS), created by Decree 230-19 on June 19, 2018. Its mission is to ensure the establishment of appropriate cybersecurity mechanisms that protect the state and national security through the continuity, updating and evaluation of the National Cybersecurity Strategy, the formulation of policies derived from this strategy, and the definition of initiatives, programs and projects that lead to the successful realization of the strategy, as well as the prevention, detection and management of incidents generated in government information systems and in national critical infrastructures. It is the national alert and response center that cooperates and helps respond quickly and efficiently to cyberattacks and actively addresses cyberthreats, including national coordination of different incident response and decision-making capabilities in a crisis.
- 3.2. Constituency
- CSIRT-RD operates under the National Cybersecurity Center (CNCS), under the authority of the Executive Director and the Board of Directors.
- 3.3. Sponsorship and/or Affiliation
- CSIRT-RD is the Dominican government’s center of expertise in cyber security and incident response, aimed at preventing ICT and internet-related incidents. It is part of the Ministry of the Presidency and the National Cybersecurity Center, and consists of the technical director and incident management analysts.
- 3.4. Authority
- CSIRT-RD operates within the National Cybersecurity Center (CNCS), under the authority of the Executive Director and the Board of Directors.
4. POLICIES
- 4.1. Types of incidents and level of support
- CSIRT-RD performs tasks to prevent and respond to a variety of incidents affecting its constituency, including:
- Malicious Code
- Availability Issues
- Information Theft
- Intrusions
- Information Compromise
- Fraud
- Incident severity levels determine the service response time:
- CRITICAL: 15 minutes
- HIGH: 30 minutes
- MEDIUM: 3 hours
- LOW: 7 hours
- 4.2. Cooperation, interaction and dissemination of information
- CSIRT-RD uses the TLP protocol to facilitate secure information exchange and handles all received data confidentially. Sensitive information is stored and communicated only in secure environments and, if necessary, protected with encryption technologies.
All information provided to CSIRT-RD is used exclusively for resolving security incidents and shared only on a need-to-know basis, preferably anonymously.
- 4.3. Communication and authentication
- Our preferred method of communication is by email. For secure communication, we use the following PGP key: 3073 8B9F F322 05FA 60AD 59CB 92EB 51BD 373F 9423.
5. SERVICES
- Incident response provides 24/7 availability to coordinate the recovery of all types of ICT-related incidents and consists of expertise, tools, and other capabilities to act, analyze, and communicate with stakeholders and the media.
- 5.1.1 Classification of the Incident
- Investigate whether an incident actually occurred.
- Determination of the extent of the incident.
- Evaluation and comparison of the incident with historical.
- 5.1.2. Coordination of incidents
- Determine the initial cause of the incident.
- Facilitate contact with other sites that may be involved.
- Communicate with stakeholders and the media.
- 5.1.3. Incident Resolution
- Provide advice to the reporting party that will help eliminate the vulnerabilities that caused the incident and protect the systems from the effects of incidents.
- Evaluate which actions are best suited to provide the desired results regarding incident resolution.
- Provide assistance in the collection of evidence and interpretation of data where necessary.
- 5.2. Proactive activities
- Proactive activities aim to reduce the likelihood or impact of incidents on constituents. CSIRT-RD provides updated information and advice on new threats and attacks, raises awareness and skills among employees, and issues alerts and practical advice to the public and small businesses through https://cncs.gob.do/alertas/.
6. INCIDENT NOTIFICATION FORMS
- To report an incident, send a communication to: incidentes@csirt.gob.do
- Alternatively, fill out the incident report form: Report an Incident
- For more details, see the Cyber Incident Identification and Reporting Guide
7. DISCLAIMERS
- CSIRT-RD takes all necessary precautions in preparing information, notifications, alerts, and reports but assumes no responsibility for errors, omissions, or damages resulting from the use of the provided information.