Version: 1.5
Date: 05/10/2024
Classification: TLP:CLEAR


1. DOCUMENT INFORMATION

This document describes the Crédit Agricole CERT in accordance with the RFC 2350 specification. It provides a summary of the Crédit Agricole CERT’s responsibilities and services.

1.1. Date of Last Update

Version 1.5 of May 10, 2024.

1.2. Distribution List for Notifications

CERT-AG does not use a distribution list to announce updates to this document.

1.3. Document Availability

The document is available on the CERT-AG website at www.cert-ag.com.

1.4. Document Authentication

The document is signed by the CERT-AG PGP key. It is available on the CERT website at: www.cert-ag.com.

1.5. Document Identification

  • Title: RFC 2350 CERT-AG
  • Version: 1.5
  • Date: 05/10/2024
  • Expiration: This document is valid until replaced by a later version.

2. CONTACT INFORMATION

2.1. Name of the Incident Response Team

  • Full Name: CERT Credit Agricole
  • Short Name: CERT-AG

2.2. Postal Address

Crédit Agricole SA
CERT-AG
12 Place des Etats-Unis
92127 Montrouge
FRANCE

2.3. Time Zone

CET/CEST: Europe/Paris (GMT+01:00, and GMT+02:00 for daylight saving time).

2.4. Telephone Number

Landline: Reserved for Crédit Agricole Group employees.

2.5. Facsimile Number

None.

2.6. Other Telecommunications

None.

2.7. Email Address

To report a security incident or cyber threat targeting or involving Crédit Agricole group entities, please contact us at: cert@credit-agricole.com.

2.8. Public Key and Encryption Information

PGP encryption is used in exchanges with the CERT.

  • User ID: CERT Credit Agricole <cert@credit-agricole.com>
  • Key ID: DFB3787D
  • Fingerprint: 3679 5976 A04E 80E6 CEF9 6ADD 3B95 4B4D DFB3 787D

This key is available on the website www.cert-ag.com. It can be retrieved from the public key server: openpgp.circl.lu.

2.9. Team Members

The CERT is composed of a dedicated team of IT security analysts. The representative of the Crédit Agricole CERT is Marc Frédéric Gomez. The complete list of team members is not public.

2.10. Other Information

None.

2.11. Points of Contact

Notifications should be sent by email to the address specified in section 2.7 – Email Address. The CERT’s PGP key must be used to ensure the integrity and confidentiality of exchanges.

In case of emergency, the telephone contact point is as indicated in section 2.4 – Telephone Number. All CERT services operate 24/7. CERT analysts provide on-call telephone support.


3. CHARTER

3.1. Mission Statement

The CERT-AG’s mission is to:

  • Provide monitoring and reporting services in Cyber Threat Intelligence to anticipate and prevent threats targeting the Crédit Agricole group;
  • Coordinate, investigate and handle cybersecurity incidents that may affect a Crédit Agricole group Entity;
  • Maintain cooperation with trusted security communities (CSIRT and CERT).

3.2. Constituency

The Crédit Agricole CERT is an internal CERT for Crédit Agricole Group Entities. The Crédit Agricole CERT operates only for Crédit Agricole group entities and their subsidiaries.

3.3. Sponsorship/Affiliation

The Crédit Agricole CERT is part of Crédit Agricole S.A.

3.4. Authority

The Crédit Agricole CERT operates under the authority of the Crédit Agricole group CISO. The CERT’s missions are decided and validated by a representative body of the Crédit Agricole Group.


4. POLICIES

4.1. Types of Incidents and Level of Service

The CERT ensures the coordination, investigation and handling of security incidents impacting Crédit Agricole Group Entities. The Crédit Agricole CERT intervenes in any incident in the security or cybercrime domain that potentially or actually impacts Crédit Agricole Group Entities.

The CERT may be mandated by Entities for specific expertise requiring access to equipment, employee equipment (such as PCs or smartphones) or network or security equipment logs.

The level of assistance provided by CERT-AG may depend on the type of incident, the completeness of available information and the resources available to handle it.

4.2. Cooperation, Interaction and Information Sharing

CERT-AG considers operational coordination and information sharing between CERTs, CSIRTs and SOCs to be an important element. The team primarily exchanges feedback and relevant information to strengthen the effectiveness of detection and handling of specific incidents.

Information exchanged by CERT-AG with the security community as a whole, including CERTs/CSIRTs external to the group, is limited to technical information that is within its area of responsibility and strictly necessary. No group-specific data or personal data is exchanged without the explicit consent of authorized and concerned parties.

No incident or vulnerability will be publicly disclosed without the agreement of all parties involved. Unless otherwise agreed, information provided remains confidential.

At the Group level, CERT-AG is committed to exchanging, when needed, all necessary information with other security teams of Entities that may be concerned.

4.3. Communication and Authentication

The Crédit Agricole CERT recommends sending information by encrypted email. The CERT complies with Crédit Agricole Group rules regarding confidentiality concerning the exchange and storage of sensitive or personal data. In its exchanges with other security communities, the CERT complies with the confidentiality rules of the Traffic Light Protocol (TLP).


5. SERVICES

5.1. Incident Response

The CERT offers the following incident response services:

  • Alerts and notifications
  • Incident management
  • Incident analysis and response
  • Vulnerability analysis
  • Malware analysis
  • Digital forensics
  • IOC sharing.

5.2. Incident Triage

An initial assessment is conducted to confirm the security incident and evaluate the severity level of the incident based on the criticality of impacted assets. This severity level may be revised during incident handling to adapt priority management.

5.3. Incident Coordination

Incident coordination includes the following services:

  • Identification of containment and remediation actions after incident detection;
  • Notification of stakeholders on a need-to-know basis;
  • Organization of coordination between stakeholders;
  • Identification of the compromised perimeter;
  • Technical analysis of the incident origin;
  • Development of corrective measures in response to attacks.

5.4. Incident Resolution

During incident resolution, the CERT provides in particular:

  • Improvement proposals following findings and observations during the incident;
  • Reports on the digital forensic investigations conducted.

5.5. Proactive Activities

The Crédit Agricole CERT monitors threats that may affect Crédit Agricole Group assets:

  • Detection of vulnerabilities on technologies used by the Group;
  • Threat assessment (Cyber Threat Intelligence);
  • Detection of external data leaks;
  • Publication of security bulletins.

6. INCIDENT REPORT FORM

There is no mandatory incident report format.


7. DISCLAIMER

The Crédit Agricole CERT takes all necessary precautions when writing its reports, notifications and alerts; however, it cannot be held liable for errors or omissions, or for damages resulting from the use of the information transmitted.