Page tree
Skip to end of metadata
Go to start of metadata

Jump to: 

What is Sirtfi?

The Security Incident Response Trust Framework for Federated Identity (Sirtfi) is an international standard to enable the coordination of incident response across federated organizations. The standard was developed by the international federation operators organization REFEDS and is documented at https://refeds.org/sirtfi.

Sirtfi provides a framework for effective incident response collaboration among federation and interfederation participants. One compromised account can create a security problem for a multitude of services across the interfederation community. When an organization complies with the SIRTFI framework, it agrees to participate in a federated incident response process.  Sirtfi stipulates high-level practices and procedures, and identifies organizations that are capable of participating in a federated incident handling process. Federation participants that comply with Sirtfi are marked in the federation’s metadata, raising the bar for operational security across federations.

What does it mean to be compliant with Sirtfi?

REFEDS, an organization of federation operators and participants from around the world, has published the Sirtfi framework, which specifies a set of assertions that comprises SIRTFI compliance. The assertions are divided into four areas: operational security, incident response, traceability, and participant responsibilities. Details are available on the REFEDS website (PDF). An organization agrees to abide by these assertions, which is demonstrated by the relevant Identity Provider or Service Provider metadata carrying the SIRTFI assurance entity attribute, and updating its security contact with the new REFEDS security contact type.

Asserting compliance with Sirtfi

To assert that your entity meets the requirements of Sirtfi, ask your InCommon Site Administrator to follow the Declare Sirtfi compliance instruction to update your metadata. 

More Information

See Incident Handling for more information about InCommon's federated incident response.