Statement - Entity (IdP and SP) complies with the requirements of the Sirtfi v1.0 trust framework.

What is Sirtfi?

(copied from the Sirtfi framework document) 

The Sirtfi trust framework is a means by which to enable a coordinated response to a security incident in a federated context that does not depend on a centralized authority or governance structure to assign roles and responsibilities for doing so. It defines a set of capabilities and roles associated with security incident response that an IdP or SP organization self-asserts. The Sirtfi trust framework posits that organizations asserting conformance with these will coordinate their response to security incidents using processes to be defined elsewhere.

Who does this apply to?

This requirement applies to all entities (IdPs and SPs) registered with the InCommon Federation.

How do I meet this requirement?

To meet this requirement, the operator of the IdP or SP agrees to adopt the practices outlined in the REFEDS Security Incident Response Framework v1.0 (Sirtfi; https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf). 

In addition, the relevant site administrator or delegated administrator must acknowledge this agreement by checking the appropriate Sirtfi checkbox when registering an entity in the InCommon Federation. The site administrator or delegated administrator also must make sure that the Security Contact registered in the metadata can function as the incident contact described in the Sirtfi framework  (see 2.2 Incident Response)