—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

RFC 2350: CSIRT FCT
Last Revision: Carlos Friacas

1 Information about this document

1.1 Last update date
Version 4.3 published on 2025/06/11.

1.2 Distribution lists for notifications
There is no distribution channel to notify changes on this document.

1.3 Access to this document
The updated version of this document can be found at

  • https://csirt.fct.pt/images/docs/RFC2350CSIRTFCT_EN.pdf
    A Portuguese version can be found at
  • https://csirt.fct.pt/images/docs/RFC2350CSIRTFCT.pdf

1.4 Authenticity of this document
This version of CSIRT FCT’s service description is signed with CSIRT FCT’s
PGP key.

2 Contact information

2.1 Team Name
CSIRT FCT

2.2 Postal Address
Fundação para a Ciência e a Tecnologia, I.P.
FCCN Serviços Digitais FCT
CSIRT FCT
Apartado 50435
1700-001 Lisboa
Portugal

2.3 Time zone
Portugal/WEST (GMT+0, GMT+1 during summertime)

2.4 Phone Number
+351 218 440 177

2.5 Fax
Non existent

2.6 E-mail
report@csirt.fct.pt; info@csirt.fct.pt; seguranca@fccn.pt;
cert@csirt.fct.pt; security@csirt.fct.pt; abuse@csirt.fct.pt;
report@csirt.fct.pt; info@csirt.fct.pt;
cert@csirt.fct.pt; security@csirt.fct.pt; abuse@csirt.fct.pt

2.7 Other Types of Telecommunications
Nonexistent.

2.8 Public Keys and Encryption Information
CSIRT FCT’s PGP key has KeyID 0x2a0dc930fbfb7c66
and its fingerprint is 31DF D2E5 BE47 AB8D BD88 A46D 2A0D C930 FBFB 7C66.
This key can be found at the usual key servers on the Internet
such as pgp.circl.lu.

2.9 Team Members
Coordination: Carlos Friacas
Members: Filipa Macieira, Pedro Silva, João Machado, Louise Altvater
Legal advice: Miguel Andrade

2.10 Further Information
Further information about CSIRT FCT can be found at
https://csirt.fct.pt/.
Team info is also available at:

  • https://www.trusted-introducer.org/trusted-introducer/directory/teams/rcts-cert/
  • https://www.first.org/members/teams/csirt_fct

2.11 Types of contact for users
CSIRT FCT has the following types of contact (in order of preference):
E-mail for reporting security incidents:
report@csirt.fct.pt; cert@csirt.fct.pt; abuse@csirt.fct.pt; seguranca@fccn.pt
E-mail for other related issues with computer security:
info@csirt.fct.pt; security@csirt.fct.pt
Phone
+351 218 440 177

3 Charter

3.1 Mission Statement
CSIRT FCT’s central mission is contributing to the cybersecurity effort from
user communities tied to organizations connected to the Science, Technology
and Society Network (RCTS), namely through processing and coordination of
incident response, by producing security alerts and recommendations, and to
promote a cybersecurity culture.

3.2 Constituency
CSIRT FCT provides incident handling on RCTS’ (Science, Technology and
Society Network) user community context. IP address ranges within
CSIRT FCT’s scope are:

2001:690::/32
139.83.0.0/16
158.162.0.0/19
158.162.64.0/19
158.162.96.0/20
158.162.112.0/21
158.162.128.0/18
185.175.184.0/22
192.26.231.0/24
192.26.236.0/24
192.26.239.0/24
192.67.76.0/24
192.68.186.0/24
192.68.209.0/24
192.68.216.0/24
192.68.221.0/24
192.68.224.0/24
192.76.242.0/24
192.80.20.0/24
192.82.127.0/24
192.82.214.0/24
192.84.13.0/24
192.84.15.0/24
192.86.138.0/24
192.88.17.0/24
192.88.250.0/23
192.88.252.0/23
192.88.254.0/24
192.92.133.0/24
192.92.135.0/24
192.92.142.0/24
192.92.144.0/24
192.92.145.0/24
192.92.146.0/24
192.92.147.0/24
192.92.148.0/24
192.92.149.0/24
192.92.152.0/24
192.92.153.0/24
192.94.24.0/24
192.104.48.0/24
192.107.122.0/24
192.122.238.0/23
192.122.240.0/23
192.122.242.0/24
192.132.53.0/24
192.132.55.0/24
192.133.108.0/24
192.135.187.0/24
192.135.219.0/24
192.136.52.0/24
192.138.86.0/24
192.138.204.0/24
192.147.155.0/24
192.153.13.0/24
192.190.174.0/24
192.195.195.0/24
192.207.196.0/24
193.136.0.0/15
193.236.100.0/23
193.236.160.0/20
194.117.0.0/20
194.117.16.0/21
194.117.40.0/21
194.117.48.0/23
194.210.0.0/16

Incident handling is CSIRT FCT’s responsibility, on the terms foreseen at
the “Medidas de Controlo de Incidentes de Seguranca Informatica” document
(https://csirt.fct.pt/images/docs/medidas_de_controlo_de_incidentes_de_seguranca_informatica.pdf),
specifically regarding feedback timeframes, incident types, communication
means and traffic control measures contained within.

3.3 Affiliation
CSIRT FCT is a service component of RCTS – Rede Ciencia, Tecnologia e
Sociedade:

  • https://www.fccn.pt/en/quem-somos/rede-rcts-rede-ciencia-tecnologia-e-sociedade/
    CSIRT FCT is a founding member of the National CSIRT Network:
  • https://www.redecsirt.pt/#membros
    CSIRT FCT is a certified member of TF-CSIRT:
  • https://www.trusted-introducer.org/trusted-introducer/directory/teams/rcts-cert/
    CSIRT FCT is a full member at FIRST:
  • https://www.first.org/members/teams/csirt_fct
    CSIRT FCT is part of ENISA’s CERT inventory:
  • https://www.enisa.europa.eu/publications/inventory-of-cert-activities-in-europe/
  • https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-inventory/certs-by-country-interactive-map

3.4 Authority
CSIRT FCT is a service component of RCTS – Rede Ciencia, Tecnologia e
Sociedade. Its authority is defined on the RCTS User Letter
(https://www.fccn.pt/media/2021/06/AUP_RegulamentoRCTS-FCCN.pdf [Portuguese
version only]), specifically on:

(Translated)

FCCN’s Responsibilities

  1. RCTS connectivity services do not implement filtering, encryption or
    others that may introduce latency into communications.
  2. By way of derogation from the previous number, FCCN’s CSIRT FCT security
    service ensures the monitoring of network operations, coordination of security
    incident response, including total or partial, temporary or definitive service
    cut actions, when these are deemed necessary for the protection of other
    USER ENTITIES, RCTS or of the Internet in general, or the management of
    vulnerabilities within RCTS.
  3. Mechanisms and measures for the mitigation of security incidents and the
    management of vulnerabilities arising from the operation provided for in the
    previous number are regulated in the standalone document “MEDIDAS DE CONTROLO
    DE INCIDENTES E EVENTOS DE SEGURANÇA INFORMÁTICA”.

4 Policies

4.1 Incident types and support level
CSIRT FCT handles all types of security incidents, and has adopted the
Portuguese National CSIRT Network Taxonomy, available at:
https://www.redecsirt.pt/files/RNCSIRT_Taxonomia_v3.3.pdf

4.2 Privacy Policy
In the scope of the CSIRT FCT activity and services, personal data is
collected and processed by the FCT – Foundation for Science and Technology,
in its FCCN Unit, which is intended exclusively for the purpose of
Execution and management of the system for IT security incidents response
within the context of all the services provided by FCCN to the research
and teaching community. For this purpose, data is collected regarding the
following categories of data subjects: RCTS network users, user entity
representatives, user entity employees, attendees in training sessions
(Workshops) and the following data categories: Identification: name
(in the context of training sessions and helping user entities); user logins
(in the context of incident response and endpoint protection); username and
passwords (in the context of phishing awareness campaigns) Contact: email
addresses; Professional IP addresses: entity where they
work/collaborate/study. This processing is lawful as it is necessary for the
performance of public interest functions in accordance with Article 6(1)(f)
and Article 6(2) of the General Data Protection Regulation – Regulation (EU)
2016/679 of the European Parliament and of the Council of 27.04.2016
(hereinafter GDPR).
In this case the public interest is based on FCT’s mission and duties set
out in Decree-Law No. 55/2013, of April 17 and article 9(1) c) of the
Annex to Ordinance No. 216/2015, of July 21, namely regarding the duties of:
Ensuring the management and operationalisation of the computer security
incident response. FCT is responsible for the processing of personal data,
with headquarters at Avenida D. Carlos I, 126, 1249-074 Lisbon, telephone:
+351 21 3924300, and it has appointed a Personal Data Protection Officer,
whose contact shall be made directly to the email address dpo@fct.pt for
all matters related to the personal data processed for this purpose.
It is further informed that the data shall be kept in accordance with
what is stipulated by law or regulation, or in the absence thereof, with
what is deemed necessary for the pursuit of the purpose.
As Data Subject, you have the right to request FCT – through any of the
contacts indicated above – to access your personal data, to rectify or
erase them, to limit the processing of your data and to request data
portability when technically possible. You may also object to the processing
or withdraw, at any time, the consent previously given, if applicable.
Without prejudice of sending a direct notification to FCT, through the
contacts available herein, data subjects may complain directly to the
National Commission for Data Protection (www.cnpd.pt), using the contacts
made available by this body for that purpose. FCT may also process personal
data for archiving purposes in the public interest, for scientific or
historical research purposes or for statistical purposes in accordance
with the principle of data minimisation, including anonymisation or
pseudonymisation, whenever the purposes can be achieved by one of these
means. Where personal data are to be processed for archiving purposes in
the public interest, for scientific or historical research purposes or for
statistical purposes, the rights of access, rectification, restriction of
processing and objection provided for in Articles 15, 16, 18 and 21 of the
GDPR shall be affected, to the extent necessary, if those rights are
likely to obstruct or seriously undermine the achievement of those purposes.
To ensure the protection of processed personal data, FCT implements strict
and internationally recognised rules applicable to all those who legally
handle personal data, adopting technical and organisational security
measures in order to protect the personal data that are made available,
such as confidentiality, integrity and authenticity of the processed data,
in this context articulated with the general principles on open data that
recommend free and online access to publications and data resulting from
scientific research funded by FCT, which, by default, ensure that the
data is traceable, accessible, interoperable and reusable.

4.3 Communication and authentication

  • – From the communication means made available by CSIRT FCT, phone and
    non-ciphered e-mail are considered to be sufficient to non-sensitive
    information transmission. In order to transmit sensitive information, PGP
    usage is mandatory.

5 Services

5.1 Handling of security incidents
Security incident handling is CSIRT FCT’s main service. A security incident
is any action or set of actions developed against a compute or network of
computers, which results, or can result, in a loss of confidentiality,
integrity or performance of a data network or digital system, namely
non-authorized access, modification or removal of information, interference
or service denial in a digital system. CSIRT FCT handles security incidents
in the context of RCTS – Rede Ciencia, Tecnologia e Sociedade – incidents
which source or target of an attack is within RCTS.

5.2 Alert dissemination
CSIRT FCT aims to gather a set of information received from several
well-known sources, evaluate its severity degree and translate it to
Portuguese language. Depending on the severity degree, the analyzed
information can result in a security alert, on a recommendation or a simple
news entry published on the https://csirt.fct.pt/ portal.

5.3 New CSIRT teams support
CSIRT FCT also intends to promote the creation of new security incident
handling teams within RCTS and in the Portuguese Public Administration
context. This service includes holding training events directed to security
incident handling, spreading the word about the theme on adequate fora, and
the support to the creation of new CSIRTs.

5.4 DNS Firewall
CSIRT FCT makes available to its constituency a DNS-based mechanism that
prevents communications with malicious domains. The service encompasses the
maintenance and dissemination of a list of malicious domains. In the event
that a user accesses a URL that contains a malicious domain, the content
displayed will be a local page, indicating that the URL that you tried to
access includes malicious content.

5.5 Security Audits
Security audits are performed on request, strictly for CSIRT FCT’s
constituency. Each audit involves the preparation of a report containing the
set of facts found and also suggestions for mitigation.

5.6 Monitoring against web defacements
Alarms against web defacements is a CSIRT FCT pilot service, which includes
continuous monitoring, archiving several versions of a web server to be able
to register/evaluate any changes. This service is only available for the
constituency.

5.7 Anti-Phishing awareness campaigns
CSIRT FCT develops on-demand phishing campaigns for members of its
constituency and other organisations that sign a specific agreement.
Following the development of a campaign, there will also be an awareness
session addressed to the set of people defined as the target group. The aim
of this service is to provide a tool to evaluate the degree of exposure of
an organization to potential future incidents, increasing awareness to
cybersecurity issues.

6 Disclaimer
While all precautions were taken in the preparation of disclosed information
on the Internet portal or through distribution lists, CSIRT FCT assumes no
responsibility for errors or omissions or for damages resulting from the use
of that information.

—–BEGIN PGP SIGNATURE—–

iQJIBAEBCgAyFiEEMd/S5b5Hq429iKRtKg3JMPv7fGYFAmhIm00UHHJlcG9ydEBj
c2lydC5mY3QucHQACgkQKg3JMPv7fGYbkQ//Qg3x7pkWUQ7kqJTw3gapRyGcbfwv
h08Q7jSf0SeXPZjdBQGVxZ4De+9v+Z+PXklQJN+e4pmfeFEeq9hxkWUjV9uJaazb
BRbTp1F83UQMbsv/bXYpm7s9jDHGEirF0KoaOKp9Z6qKGnqsj7nqrw6iGWEAXxv6
Ufy4i+Sd2k0l2IIiOalyZmubcEo2r2HY+Jv30jglhZvhhg8WcQ1WWA3lkU7H9OD7
H7ezUqTClQ2OKxxJM83rHD3C/HbPdypnVPQIyrvJqVu15MumTboF1TeUhxKPH147
ibWxXoJF3T7RwVF34hwILD2U5PXXEA8snZicZOw/SANS9KbIVmfx3rYAnBB4/FH5
pSQvputqfLDtLfBBF9+OlV8EgNWDRzIMygiutCyV8RWf9dZKF6xuzl+0Gj8t2bP2
95iyomIQd0vCn49dnloY48ptV9kOGWuxuDTrr1IVZ/vl2peC9sj+cu6FwPXlLrxS
FKU7IXTncdSJJeji4IoBjhJG0tXda2QmDR6QYzegAXWN1d2yc+JENSCvyEyGC64H
cPxEqXVVyHgFpYmCiVKrLnawVuY1S16o2IBiccEuGXXadSgCpCWXvLlqx0Wl31/i
vd7jsvRvPDigjXA4094cLk5THZUT5fTG3559adm0S+yXeM4fDoh7mSrKRto9H1Vk
vJvH6p/bjXJ0DSQ=
=NOIH
—–END PGP SIGNATURE—–