Most of the sensitive and trusted services provided by the TI are only available to accredited and certified teams. But right from the beginning some services have been made available to the public also, most notably the team directory, as all teams and all effected sites benefit from widely available point of contact information.
The following details provide you with an overview of all services.
- Public Access:
For the benefit of the public and all non-member teams the basic information about all teams registered by the TI are presented. The information about Accredited and Certified teams is pro-actively maintained - the information about other teams listed is provided on best-effort basis. The basic information provides the point of contact (telephone, email, cryptographic keys) but does not allow any detailed understanding of the team's policies or services.
- Access for Listed Teams:
Listed teams have the same access to the team directory as the public. But the teams are welcome to provide suitable updates of their point of contact information whenever changes occur. To support such updates, the self-service interface is made available for the representatives of listed teams. This self-service interface will also be used to provide more information once a team decides to become an accreditation candidate.
- Access for Members (Accredited or Certified):
The members website additionally offers in-depth operational data of all Accredited and Certified teams, which is pro-actively maintained and must be approved every four month by the teams itself. This is supported via the self-service interface, which is also used to register individuals as team members and request X.509 user certificates for all.
- Listing of new teams:
Any legitimate team who delivers substantial incident management services can be registered by the TI to become "Listed". Listing includes the provisioning of basic information regarding the team's constituency and it's contact information. This basic set will be made available on the public website and on the member's restricted web site.
- Role of Members (Accredited or Certified):
Only members can provide support for listing candidates, raise objections or suggest new candidate teams for listing. The voting is facilitated via the self-service interface.
- Accredition of Listed Teams:
Only listed teams can apply for TI Accreditation.
- Role of Members (Accredited or Certified):
Only members can provide support for accreditation candidates, raise objections or suggest new candidates.
Open and Secure Mailing Lists
Restricted and encrypted mailing lists are available for accredited/certified teams and their team representatives. In addition a restricted but not encrypted mailing list is available for administrative purposes and open discussions for those teams.
To facilitate the communication with the listed teams an additional restricted but not encrypted mailing list is available as well. All listed teams are automatically subscribed with their team email address (or any other email address as provided by the listed team).
- Trainings are usually open to the public.
- Listed Teams can send their team members to open TF-CSIRT Meetings.
- Members can attend the open TF-CSIRT Meetings and closed TI Meetings adjacent to the TF-CSIRT Meetings.
More Services for Members
All other services are by design restricted to the members, as they finance these services. Most importantly from the viewpoint of operational teams are the following:
- Certification - Only accredited teams can apply for TI Certification
- Secure Out-of-Band Alerting System - Restricted and protected alerting services using state of the art mobile communication as well as traditional telephone communication are operated to provide crisis communication independently of the Internet.
- Secure IRC Server - Restricted and protected IRC-based discussions to enable realtime collaboration on "burning" issues.
- Public Key Infrastructure - Member team representatives as well as individual team members get X.509 user certificates in order to gain access to restricted and protected services and interfaces.
- GPG/PGP key signing - The TI offers GPG/PGP key-signing of member team's signing key and team representative keys.
- Downloads - The restricted members website offers a one-click downloadable CSV file with contact information about all teams registered by the TI, and a version with only Accredited and Certified teams. In addition GPG/PGP key rings are maintained and made available. You can easily integrate this information in a team's information system or in a team's trouble ticket system.
- TI Compendium - The restricted members website offers a Compendium, which enables a quick orientation on teams and offers useful views on a selectable subset of teams.