Statement - Entity (IdP and SP) complies with the requirements of the Sirtfi v1.0 trust framework.
What is SIRTFI?
(copied from the Sirtfi framework document)
The REFEDS Security Incident Response Framework v1.0 (SIRTFI) enables coordinated response to security incidents in a federated context that does not depend on a centralized authority or governance structure to assign roles and responsibilities for doing so. It does so through a set of self-asserted capabilities and roles associated with security incident response for an organization's federated entities. The framework posits that organizations asserting conformance with these will coordinate their response to security incidents using processes to be defined elsewhere.
Who does this apply to?
This requirement applies to all entities (IdPs and SPs) registered with the InCommon Federation.
SIRTFI only applies when an incident involves access to federated resources.
How do I meet this requirement?
To meet this requirement, the operator of the IdP or SP agrees to adopt the practices outlined in the REFEDS Security Incident Response Framework v1.0 (Sirtfi; https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf).
In addition, the relevant site administrator or delegated administrator must acknowledge this agreement by checking the appropriate Sirtfi checkbox when registering an entity in the InCommon Federation. The site administrator or delegated administrator must also make sure that the Security Contact registered in the metadata can function as the incident contact described in the SIRTFI framework (see 2.2 Incident Response).