Info |
---|
|
This page has been deprecated. Please see Incident Handling for current information. |
Info |
---|
|
Note that this page contains general information about federated incident response. See Security Incident Response Trust Framework for Federated Identity (SIRTFI) Category for specific criteria for certification under the SIRTFI program (highly recommended). |
Federated identity introduces new challenges for security incident response. Federation participants should consider the impact of federated identity in their incident response practices and treat federated identity partners impacted by a security incident in a similar manner as they would local parties.
Tip |
---|
title | Recommended Practice |
---|
|
- Publish federated incident response contact information for your federated services and identity providers.
- Implement a log retention policy for federated services and identity providers.
- Document and advertise your procedure for responding to a federated security incident.
|
Incident Response Policy
Goal of this Policy
...
This material was originally developed by the CIC Identity Management Taskforce (see: CIC Federated Security Incident Response Policy).