CSIRT Description for CSI-RT ============================ 1. ABOUT THIS DOCUMENT This document contains a description of CSI-RT in accordance with RFC 2350. It provides basic information about the team, the ways it can be contacted, its responsibilities and the services it offers. 1.1 Date of Last Update This is version 1.1, published 19 May 2026. 1.2 Distribution List for Notifications There are no distribution lists for this document. 1.3 Locations where this Document May Be Found The current version of this document is available on the CSI-RT website at: https://csirt.csipiemonte.it/rfc2350.txt Whenever this document is updated, the new version will be published at the same location. 2. CONTACT INFORMATION 2.1 Name of the Team "CSI-RT": the Computer Security Incident Response Team of CSI Piemonte. 2.2 Address CSI-RT CSI Piemonte Corso Unione Sovietica 216 10134 Torino, Italy 2.3 Time Zone Central European Time (UTC+1), and observing Daylight Saving Time (UTC+2) from the last Sunday of March to the last Sunday of October. 2.4 Telephone Number +39 011 316 8111 2.5 Electronic Mail Address CSI-RT can be reached at csirt@csi.it. This mailbox is monitored during the team's hours of operation. 2.6 Public Keys and Other Encryption Information CSI-RT has a PGP key, whose details are as follows: User ID: CSIRT CSI Piemonte Key ID: FE9081E264B35DB5 Fingerprint: 33C9 1EC4 D072 93F2 C9A0 D758 FE90 81E2 64B3 5DB5 Key type: RSA/2048 Please use the PGP key when sending sensitive information to CSI-RT. 2.7 Team Members The CSI-RT team consists of qualified cyber security analysts, incident handlers and threat analysts. The team leader is the head of the Cybersecurity organisational unit of CSI Piemonte. 2.8 Other Information General information about CSI-RT, together with security bulletins and advisories, can be found at: https://csirt.csipiemonte.it/ 2.9 Points of Customer Contact The preferred method for contacting CSI-RT is via e-mail at csirt@csi.it. Please use PGP/GPG if you intend to send sensitive information. The CSI-RT hours of operation are generally restricted to regular business hours (09:00 - 17:00, Monday to Friday, except Italian public holidays). 3. CHARTER 3.1 Mission Statement CSI-RT is the focal point for the collection, analysis and sharing of information related to cyber threats, and for the coordination of activities to prevent and respond to cyber emergencies that could harm the IT assets of CSI Piemonte and its constituency. The purpose of CSI-RT is, first, to assist the members of the CSI Piemonte constituency in implementing proactive measures to reduce the risk of information security incidents, and second, to assist them in responding to such incidents when they occur. 3.2 Constituency The constituency of CSI-RT is composed of CSI Piemonte and the public administration bodies that are members of the consortium. 3.3 Sponsorship and/or Affiliation CSI-RT is part of the CSI Piemonte organisation and maintains contacts with CSIRT Italia, the national Computer Security Incident Response Team, and with the competent law enforcement agencies. CSI-RT is an accredited member of the Trusted Introducer service. 3.4 Authority CSI-RT operates under the auspices of, and with authority delegated by, the Cybersecurity organisational unit of CSI Piemonte. The mandate, constituency, authority and responsibilities of CSI-RT are formally defined in its Team Charter. 4. POLICIES 4.1 Types of Incidents and Level of Support CSI-RT is authorised to address all types of information security incidents which occur, or threaten to occur, within its constituency. The level of support given by CSI-RT will vary depending on the type and severity of the incident, the type of constituent affected, the size of the user community affected, and the resources of the team at the time. 4.2 Co-operation, Interaction and Disclosure of Information While there are legal and ethical restrictions on the flow of information from CSI-RT, the team acknowledges its indebtedness to, and declares its intention to contribute to, the spirit of co-operation that created the Internet. Appropriate measures will be taken to protect the identity of the members of the constituency and of neighbouring sites where necessary. Subject to this, CSI-RT will share information freely when this assists others in resolving or preventing security incidents. CSI-RT operates within the European and Italian legal frameworks concerning the handling and disclosure of information. Telephone and unencrypted e-mail are considered sufficiently secure for the transmission of low-sensitivity information. Where sensitive information must be transmitted by e-mail, PGP/GPG will be used. Network file transfers are treated, for these purposes, in the same way as e-mail. CSI-RT recognises and supports the Traffic Light Protocol (TLP) for the classification and controlled sharing of sensitive information. 5. SERVICES 5.1 Information Security Event Management CSI-RT collects, monitors and analyses security events from the monitoring systems of the constituency and from user reports. Events are triaged and classified in order to identify potential threats and anomalies and to determine whether escalation to incident management is required. 5.2 Incident Management CSI-RT assists the affected constituents in handling the technical and organisational aspects of security incidents. It provides support with respect to the following activities: - incident triage and qualification; - incident coordination; - incident analysis, including forensic analysis where required; - incident resolution and recovery support. Specific handling procedures are in place for critical scenarios, such as ransomware and personal data breaches. 5.3 Vulnerability Management CSI-RT supports the identification, assessment and remediation of vulnerabilities affecting the systems of the constituency. This includes vulnerability assessments, penetration testing and the coordination of remediation activities such as patching, hardening and the adoption of mitigating measures. 5.4 Situational Awareness CSI-RT collects and analyses information on the cyber threat landscape from internal and external sources, including threat intelligence feeds, security advisories and information-sharing communities. Relevant information is disseminated to the constituency, together with guidance on how to mitigate threats and respond to incidents. 5.5 Knowledge Transfer CSI-RT promotes cyber security awareness and competence across its constituency through the publication of security bulletins and advisories, training activities and awareness initiatives. 6. INCIDENT REPORTING FORMS CSI-RT does not provide any public form for reporting incidents. Please report security incidents via encrypted e-mail to csirt@csi.it. When reporting an information security incident to CSI-RT, please provide at least the following information: - contact details and organisational information; - type and description of the incident; - date and time of the reported event, including the time zone; - any relevant technical element, with the associated observations. Please classify the information using the Traffic Light Protocol and always include your own contact information. 7. DISCLAIMERS While every precaution is taken in the preparation of information, notifications and alerts, CSI-RT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained in this document.