The following profile of CERT.to has been established in adherence to RFC-2350.
1. Document Information
1.1. Date of Last Update
This is version 1.0 of July, 1, 2016.
1.2. Distribution List for Notifications
Changes to this document are not distributed by a mailing list. Any specific questions or remarks please address to the email@example.com mail address.
2. Contact Information
2.1. Name of the Team
Tonga National CERT
PO Box 33
Tonga Cable Limited
Kingdom of Tonga
2.3. Time Zone
UTC/GMT + 13 hours
2.4. Telephone Number
2.5. Facsimile Number
2.6. Other Telecommunication
2.7. Electronic Mail
Incident Report : firstname.lastname@example.org
Non-Incident Report : email@example.com
2.8. Public Keys and Encryption Information
2.9. Team Members
A full list of CERT.to team members is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.
2.10. Other Information
2.11. Points of Customer Contact
In any case use CERT.to mail address, firstname.lastname@example.org
Our regular response hours (local time, save public holidays in Tonga) are everyday of the week from 08:30 – 19:30
Outside these hours the Duty Officer is available for incidents and can be reached at (+676 2378)
3.1. Mission Statement
CERT.to’s vision and mission statement are defined in the CERT.to TOR. The operations are detailed in the CERT.to and are reviewed annually as part of the planning of the Tongan government. A brief summary of the goal of CER.to:
CERT.to is the National Computer Emergency Response Team in Kingdom of Tonga. Public and private parties, acting within their statutory scope, collect information, knowledge and expertise in the National Computer Emergency Response Team, which will help improve understanding of developments, threats, and trends and help parties deal with incidents and make decisions in crises. The main tasks include:
Coordination in case of ICT-related incidents such as data leakage, computer viruses, hacking and vulnerabilities in applications and hardware; Proactive action to prevent ICT-related incidents or to prepare for such incidents and reduce the impact.
The constituency of CERT.to in the Kingdom of Tonga consists of government organizations, private organization and also Tonga citizens.
3.3. Sponsorship and/or Affiliation
The Tonga National CERT (CERT.to) is the center for expertise on cyber security and incident response of the Tongan government. It is aimed at preventing ICT and internet related incidents and coordinates response to these incidents.
CERT.to is established on 8 July 2016 and operates to deal with computer security problems and their prevention, within its constituency.
CERT. to is part of the Ministry of Energy Information Disaster Environment Communication and Climate Change (MEIDECC) and consists of a general manager and 2 teams for incident response, knowledge services and organizational development.
The main purpose in incident handling is the coordination of incident response. As such, we advise constituents and have no authority to demand certain actions.
4.1. Types of Incidents and Level of Support
CERT. to handles various types of security incidents. The level of support depends on the type of the incident and the severity as determined by CERT. to staffs.
4.2. Co-operation, Interaction and Disclosure of Information
All incoming information is handled confidentially by CERT.to, regardless of its priority. Information that is evidently very sensitive in nature is only communicated en stored in a secure environment, if necessary using encryption technologies.
CERT. to will use the information you provide to help solve security incidents. Information will only be distributed further to other teams and members on a need-to-know base, and preferably in an anonymized fashion.
CERT. to understands the Traffic Light Protocol (TLP) for classifying information
4.3. Communication and Authentication
The preferred method of communication is via e-mail. When the content is sensitive enough or requires authentication, the CERT.to PGP key is used for signing e-mail messages. All sensitive communication to CERT.to should be encrypted against the team’s PGP key.
Incident response provides 24/7 availability to coordinate recovery from all types of ICT related incidents and consists of expertise, tools and other capabilities to act, analyse and communicate with stakeholders and media.
5.1.1. Incident Triage
* Investigating whether indeed an incident occurred.
* Determining the extent of the incident.
5.1.2. Incident Coordination
* Determining the initial cause of the incident.
* Facilitating contact with other sites which may be involved.
* Communicate with stakeholders and media
5.1.3. Incident Resolution
* Providing advice to the reporting party that will help removing the vulnerabilities that caused the incident and securing the systems from the effects of the incidents.
* Evaluating which actions are most suitable to provide desired results regarding the incident resolution.
* Provide assistance in evidence collection and data interpretation when needed.
5.2. Proactive Activities
Prevention and preparation consists of all activities aimed at reducing the probability or impact of an incident for the constituents. CERT.to provides the constituents with current information and advise on new threats, and attacks which may have impact on their operations and builds awareness and skills of employees. CERT.to provides alerts and practical advice to the public and small enterprises via the alerting service www.cert.to
6. Incident Reporting Forms
The forms required to report an incident is download from CERT.to website.
While every precaution will be taken in the preparation of information, notifications and alerts, CERT.to assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.