RFC 2350 gematik CERT

Version: 0.3
Date: 28 Jul 2020 12:00:00 +0200
Contact: mailto:cert@gematik.de

1. Document information

This document contains a public description of gematik CERT according to RFC 2350. It provides basic information about the CERT and the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of last update

28 Jul 2020 12:00:00 +0200

1.2 Distribution list for notifications

There are no public distribution lists for notifications as of 2020/07.

1.3 Locations where this document may be found

The current version of this document can always be found at:
https://www.gematik.de/fileadmin/user_upload/gematik/files/Kompetenzen/rfc2350-gematik-CERT.TXT

2. Contact information

2.1 Name of the team

gematik CERT

2.2 Address

gematik GmbH
gematik CERT
Friedrichstrasse 136
10117 Berlin, Germany

2.3 Time zone

We are located in the Central European time zone (CET), which is GMT+0100 (+0200/CEST during summer time in Europe).

2.4 Telephone number

+49 30 400 41 500

Please note that the telephone number published above is intended solely for communication related to critical security incidents.

2.5 Facsimile number

+49 30 400 41 111

2.6 Other telecommunication

None.

2.7 Electronic mail address

Please send incident reports to mailto:cert@gematik.de

We recommend using encrypted communication.

2.8 Public keys and encryption information

gematik CERT uses an S/MIME or PGP key accessible via:
https://www.globaltrustpoint.com

3. Charter

3.1 Mission statement

The purpose of gematik CERT is to coordinate security efforts and incident response for IT security related to the Telematikinfrastruktur and its constituents.

3.2 Constituency

gematik CERT's constituency is defined by the Telematikinfrastruktur, its operators and involved interest groups.

3.3 Sponsorship and/or affiliation

gematik CERT is an internal unit of gematik GmbH and is solely financed and supported by the latter.

3.4 Authority

The main purpose of gematik CERT is the coordination of incident response and operative incident handling with companies and administrative bodies facilitating and using the Telematikinfrastruktur. gematik CERT has direct authority over the Telematikinfrastruktur according to §291b SGB V of German law.

4. Policies

4.1 Types of incidents and level of support

gematik CERT addresses all kinds of security incidents which occur, or threaten to occur, within its constituency and which require cross-organisational coordination.

The level of support depends on the type and severity of the given security incident, the impact for affected companies and persons within our constituency, the size of the user community affected and our resources at the time. Special attention will be given to issues affecting critical infrastructure.

We expect end users to contact their local systems or network administrators or their local security contacts.

4.2 Co-operation, interaction and disclosure of information

gematik CERT places high importance on operational cooperation and information sharing between Computer Emergency Response Teams, and also with other organizations which may contribute towards or make use of their services.

gematik is part of the public private partnership for critical infrastructure protection (UP Kritis) and joint higher level contact point (GÜAS) for the Telematikinfrastruktur.

gematik CERT operates in strict compliance with German and/or EU legislation.

4.3 Communication and authentication

gematik CERT makes use of common cryptographic methods to ensure the confidentiality and integrity of communications. S/MIME is available for general communication via email.

5. Services

5.1 Incident response

gematik CERT is able to perform operative incident handling for actors facilitating the Telematikinfrastruktur. The tasks include detection of security incidents, artifact collection and artifact analysis.

5.1.1. Incident triage

gematik CERT provides the following services supporting incident triage:

- Determining whether an incident is authentic.
- Assessing and prioritizing the incident.

5.1.2. Incident coordination

gematik CERT provides the following services supporting incident coordination:

- Determine the involved organizations.
- Contact the involved organizations to investigate the incident and take the appropriate steps.
- Facilitate contact to other parties which can help resolve the incident.

5.1.3. Incident resolution

gematik CERT provides the following services supporting incident resolution:

- Advise local security teams on appropriate actions.
- Follow up on the progress of the concerned local security teams.
- Ask for reports.
- Report back.

5.2 Proactive activities

gematik CERT offers up-to-date information about security vulnerabilities to its internal constituents. In addition, the team continuously develops new tools for incident detection and investigation.

6. Incident reporting forms

There are no public forms available. All communication should be directed to mailto:cert@gematik.de. We recommend that any communication related to security incidents or vulnerabilities be encrypted using S/MIME tools.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, gematik CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

© 2020 gematik GmbH