1. About this document
This document contains a description of the “Computer Security Incident Response Team della Regione Emilia-Romagna (CSIRT-RER)” in accordance with RFC 2350 specification. It provides basic information about the CSIRT-RER and describes its responsibilities and the services it offers. This document may be shared without restriction.
1.1     Date of Last Update
This is version 1 published 2024/12/24
1.2     Distribution List for Notifications
There is no distribution channel to notify changes in this document. Changes are announced in https://csirt-rer.lepida.it
1.3     Locations where this Document May Be Found
The current version of this document is available at: https://csirt-rer.lepida.it
Please make sure you are using the latest version.
1.4     Document Identification
Title "CSIRT-RER_RFC2350_EN"
Version: 1.0
Document Date: 2024-12-24
Expiration: this document is valid until superseded by a later version


2. Contact Information
2.1 Name of the Team
Official name: Computer Security Incident Response Team della Regione Emilia-Romagna
Short name: CSIRT-RER
2.2 Address
Computer Security Incident Response Team della Regione Emilia-Romagna
Lepida S.c.p.A.
Via della Liberazione 15
40128 Bologna
Italy
2.3 Time Zone
CET - Central Europe (GMT+1, and GMT+2 from the last Sunday of March to the last Sunday of October)
2.4 Telephone Number
Not disclosed
2.5 Fax Number
None
2.6 Other Telecommunication
The constituency of the CSIRT-RER shall communicate with the team members via email.
2.7 Electronic Mail Address
csirt-rer [at] lepida [.] it
This is an email alias that relays emails to the operator(s) on duty for the CSIRT-RER.
2.8 Public Keys and Other Encryption Information
None
2.9 Team Members
The CSIRT-RER operates as a local CSIRT for Emilia-Romagna region. The team is made up of Cyber Security Analysts, Threat Analysts and Incident Responders.
2.10 Other Information
General information about the CSIRT-RER can be found at: https://csirt-rer.lepida.it/chi-siamo
2.11 Points of Customer Contact
General reports and requests to the CSIRT-RER can be done via email at csirt-rer [at] lepida [.] it. The mailbox is monitored during hours of operation.
Incident notifications and requests for support can be done during hours of operation via email at incidenti.csirt-rer [at] lepida [.] it or 24/7 via a telephone number provided only to a restricted group of users. 


3. Charter
3.1 Mission Statement
The CSIRT-RER provides information and assistance to its constituency in implementing proactive measures to reduce the risks of computer security incidents as well as responding to such incidents when they occur.
The CSIRT-RER also ensures efficient cooperation between CSIRT Italia and members of its constituency.
3.2 Constituency
The CSIRT-RER constituency involves:
* Regione Emilia-Romagna;
* Agenzia Regionale per le Erogazioni in Agricoltura (AGREA), Agenzia Regionale per la Sicurezza Territoriale e la Protezione Civile (ARSTPC), Agenzia Regionale per lo Sviluppo dei Mercati Telematici (INTERCENTER), Agenzia Regionale per il Lavoro;
* Local Administrations of the region that signed the “Community Network of Emilia-Romagna” Convention.
3.3 Authority
The CSIRT-RER authority derives from the resolution of Regione Emilia-Romagna n. 663 of 2022/04/28.


4. Policies
4.1      Types of Incidents and Level of Support
The CERT-RER is responsible for addressing all types of computer security incidents occurring within its constituency providing assistance or advice.
The level of support given by the CSIRT-RER varies depending on the type and severity of the incident or issue and the CSIRT-RER's resources at the time.
Please note that no direct support is given to end users; they are expected to contact their system administrator, network administrator, or department head who will, in turn, be supported by the CSIRT-RER.
4.2 Co-operation, Interaction and Disclosure of Information
The CSIRT-RER highly regards the importance of technical and operational cooperation and information sharing among CSIRTs and other organizations which may contribute towards or make use of their services.
General incident-related information such as names and technical details is not published without agreement of the named parties. If agreed otherwise, supplied information is kept confidential.
The CSIRT-RER shares with other interested parties the information it receives, anonymized if possible, in order to solve or prevent security incidents and/or to handle specific security issues.
Therefore, such information might be shared with entities such as:
* Affected parties in its constituency;
* National Cybersecurity Agency (ACN) and CSIRT Italia;
* Italian law enforcement agencies (if required by law or on request from information source).
The CSIRT-RER operates within the limits imposed by Italian and European legislation and protects sensitive information in accordance with relevant regulations and policies within Italia and the EU. In particular, the CSIRT-RER respects the sharing boundaries applied by originators of the transmitted information ("originator control") and ensures the confidentiality of its sources to the largest possible extent.
4.3 Communication and Authentication
All sensitive communications sent to the CSIRT-RER should be encrypted by the sender.
The CSIRT-RER recognizes and supports the TLP (Information Sharing Traffic Light Protocol).


5. Services
5.1 Incident Response
The CERT-RER is responsible for providing assistance or advice to respond to computer security incidents occurring within its constituency.
5.2 Proactive Activities
The CSIRT-RER provides to its constituency the following proactive services:
* security event monitoring;
* vulnerability assessments;
* cyber threat intelligence and information sharing;
* security posture assessments;
* policy advisoring;
* training and exercises.
5.3 Reactive Activities
The CSIRT-RER provides to its constituency the following reactive services:
* alerts and warnings;
* incident analysis;
* forensic analysis;
* artifact analysis;
* incident response;
* incident response coordination.


6. Incident Reporting Forms
Incident notifications and requests for support can be done during hours of operation via email at incidenti.csirt-rer [at] lepida [.] it or 24/7 via a telephone number provided only to a restricted group of users.


7. Disclaimers
The CSIRT-RER is not responsible for errors or omissions, or for damages resulting from the use of the information contained in its alerts, warnings and reports.