Statement - Entity (IdP and SP) complies with the requirements of the Sirtfi v1.0 trust framework.

What is SIRTFI?

The REFEDS Security Incident Response Framework v1.0 (SIRTFI) enables coordinated response to security incidents in a federated context that does not depend on a centralized authority or governance structure to assign roles and responsibilities for doing so. It does so through a set of self-asserted capabilities and roles associated with an IdP or SP organization’s federated entities.

Who does this apply to?

This requirement applies to all entities (IdPs and SPs) registered with the InCommon Federation. 

SIRTFI only applies when an incident involves access to federated resources. 

How do I meet this requirement?

To meet this requirement, the operator of the IdP or SP agrees to adopt the practices outlined in the REFEDS Security Incident Response Framework v1.0 (Sirtfi; https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf).

In addition, the relevant site administrator or delegated administrator must acknowledge this agreement by checking the appropriate Sirtfi checkbox when registering an entity in the InCommon Federation. The site administrator or delegated administrator also must make sure that the Security Contact registered in the metadata can function as the incident contact described in the SIRTFI framework  (see 2.2 Incident Response)