Preskočiť na menu Preskočiť na obsah Preskočiť na pätičku
Domovská stránka MF SR
EN

RFC 2350

CSIRT MFSR description document according to RFC 2350

1. Document Information

This document provides formal description of the CSIRT MFSR based on RFC 2350.

1.1. Date of Last Update

This is version 1.0, published on April 1st, 2026.

1.2. Distribution List for Notifications

The CSIRT maintains internal and external distribution lists for incident notifications. These lists include relevant stakeholders such as team members, partner organizations, and other trusted entities, and are used to ensure timely and appropriate dissemination of security-related information.

Any questions about updates please address to the CSIRT MFSR e-mail address csirt(at)mfsr.sk.

1.3. Locations where this Document May Be Found

The current version of this CSIRT/CERT description document is available from Ministry of Finance of the Slovak Republic website; URL is: https://www.mfsr.sk/files/sk/verejnost/csirt-mfsr/rfc-2350/rfc2350.txt.

Please make sure you are using the latest version of this document.

1.4. Authenticating this Document

This document has been signed with the CSIRT MFSR PGP key.
I tis available on our web site, under: https://www.mfsr.sk/files/sk/verejnost/csirt-mfsr/rfc-2350/rfc2350.txt.sig.

2. Contact Information

2.1. Name of the Team

CSIRT MFSR – Cyber Security Incident Response Team of the Ministry of Finance of the Slovak Republic

2.2. Address

CSIRT MFSR
Ministry of Finance of the Slovak Republic
Štefanovičova 5
P. O. BOX 82
817 82 BRATISLAVA
Slovak Republic

2.3. Time Zone

GMT01/GMT02 with DST which starts on the last Sunday in March and ends on the last Sunday in October)

2.4. Telephone Number

+421 2 5958 5000

2.5. Facsimile Number

N/A

2.6. Other Telecommunication

Not available at the present.

2.7. Electronic Mail Address

Official e-mail address: csirt(at)mfsr.sk
Address for incident reporting: incident(at)mfsr.sk

2.8. Public Keys and Encryption Information

PGP/GnuPG is supported for secure communication.

CSIRT MFSR PGP Key Fingerprint: DE27 68EC 2099 4A75 5E95 AF00 70CA FF01 174C D95B
The CSIRT MFSR team-key can be found here.

CSIRT MFSR is using this key for signing messages.

Please use this key when you need to encrypt messages addressed to CSIRT MFSR and also sign your messages by your own PGP key. It helps when your key is verifiable using the public key-servers.

2.9. Team Members

No information is provided about the CSIRT MFSR team members in public.

2.10. Other Information

General information about the CSIRT MFSR, can be found here.
 

Regular cases: the preferred method for contacting CSIRT MFSR is via e-mail csirt(at)mfsr.sk.

Regular response hours: from Monday to Friday, 08:00 – 16:00.

3. Charter

3.1. Mission Statement

The mission of CSIRT MFSR is to enhance the level of cybersecurity within its constituency through the coordination of incident handling, the provision of expert recommendations, and the sharing of information on threats and vulnerabilities.

The main objectives of CSIRT MFSR are to provide its constituency with the following services:

  • security monitoring of infrastructure and information systems,
  • detection of and coordinated response to reported or identified incidents,
  • vulnerability management and support for remediation,
  • issuing warnings, recommendations, and advisories,
  • building a knowledge base and ensuring knowledge transfer,
  • conducting preventive and educational activities to raise cybersecurity awareness.

3.2. Constituency

The CSIRT MFSR provides services for the Ministry of the Finance of the Slovak Republic.

3.3. Sponsorship and/or Affiliation

CSIRT MFSR is an organizational unit of the Ministry of Finance of the Slovak Republic. Specifically, it is a department of the Information and Cyber Security Division within the Information Technology Section of the Ministry of Finance of the Slovak Republic.

The activities of CSIRT MFSR are directly supported and funded by the Ministry of Finance of the Slovak Republic. Where external resources are available, its activities may also be partially or fully funded through European Union funds dedicated to supporting cybersecurity and digitalization.

3.4. Authority

CSIRT MFSR is the CSIRT team of the Ministry of Finance of the Slovak Republic. It evaluates security-relevant events and coordinates cybersecurity incidents on behalf of its constituency by issuing non-binding recommendations. The implementation of these recommendations is the sole responsibility of the constituency. Outside this scope, CSIRT MFSR has no authority unless explicitly agreed otherwise with a specific constituency institution.

4. Policies

4.1. Types of Incidents and Level of Support

CSIRT MFSR is authorized to handle all types of detected or reported cybersecurity incidents within its constituency. The level of support provided is determined by agreements with individual institutions of the constituency. In general, the level of support depends on the type and severity of the incident, the nature of the constituent entity, the number of affected users, and the resources available to CSIRT MFSR at the time.

4.2. Co-operation, Interaction and Disclosure of Information

CSIRT MFSR cooperates with other CSIRTs, public administration bodies, and relevant institutions both within and outside its constituency, with the objective of enhancing the overall level of cybersecurity and ensuring the effective handling of cybersecurity incidents. Cooperation is based on mutual trust and is aimed at achieving common goals, such as coordinated incident response and vulnerability management.

Interaction with the constituency is carried out primarily through the exchange of security-relevant information, the dissemination of warnings and recommendations, knowledge transfer, and awareness-raising activities. Such interaction does not necessarily imply direct cooperation, but it strengthens the resilience of the constituency by enabling informed decision-making and proactive measures.

All incoming information is treated confidentially, regardless of its priority. Information of a sensitive nature is stored and communicated only in a secure environment, making use of encryption technologies when appropriate. CSIRT MFSR adheres to the Information Sharing Traffic Light Protocol (see https://www.first.org/tlp/ ). Information marked as CLEAR, GREEN, AMBER, or RED will be handled accordingly.

Information received by CSIRT MFSR is used exclusively for the purpose of improving cybersecurity and handling incidents within its constituency. By default, such information may be shared with relevant parties strictly on a need-to-know basis and preferably in anonymized form. If the reporting party specifies particular restrictions on disclosure, CSIRT MFSR will comply with these restrictions but may indicate if such limitations prevent it from taking effective action.

CSIRT MFSR does not report incidents to law enforcement authorities unless required to do so by Slovak national law. Cooperation with law enforcement is possible either on the basis of a formal court order or upon explicit request by a constituent institution affected by a cybersecurity incident. In the absence of a court order, CSIRT MFSR provides information to law enforcement strictly on a need-to-know basis.

4.3. Communication and Authentication

For communication that does not involve sensitive or classified information, standard communication methods such as e-mail are used.

For secure communication, the CSIRT MFSR PGP key is employed for encryption and digital signing of messages. The current public PGP key is available on the CSIRT MFSR website as well as through commonly used public key servers. The fingerprint of the key is published to allow verification of its authenticity.

In cases where there is doubt about the authenticity of information or its source, CSIRT MFSR reserves the right to verify the information by any lawful means. Standard verification mechanisms may include telephone confirmation, digital signatures, or the use of information classification standards such as the Traffic Light Protocol (TLP).

5. Services

5.1. Reactive Services

CSIRT MFSR is responsible for the coordination of cybersecurity incidents that in any way involve its constituency (as defined in section 3.2).

CSIRT MFSR is able to support system administrators in handling both the technical and organizational aspects of incidents.

In particular, it provides assistance or advice with respect to the following aspects of incident management:

  • detection and analysis of incidents,
  • mitigation and containment of incident impact,
  • coordination of incident handling among affected parties,
  • technical guidance and recommendations for corrective measures.

5.2. Preventive Activities

CSIRT MFSR performs proactive activities in order to reduce the risk of cybersecurity incidents and to improve the overall level of security within its constituency.

These activities include, in particular:

  • monitoring of threats and vulnerabilities,
  • issuing warnings, advisories, and recommendations,
  • coordination of vulnerability remediation,
  • building and maintaining a knowledge base,
  • knowledge transfer and training,
  • raising cybersecurity awareness,
  • other proactive measures aimed at strengthening the resilience of the constituency.

6. Incident Reporting Forms

Incidents may be reported to CSIRT MFSR through the following communication channels:

  • by e-mail to the official CSIRT MFSR address,
  • by telephone to the official CSIRT MFSR contact number (during business hours or in case of critical incidents as agreed),
  • via secure communication channels (e.g., PGP-encrypted e-mail),
  • in person at the CSIRT MFSR office (by prior arrangement).

The scope of information required when reporting an incident is published on the CSIRT MFSR website (Report an incident) . Reporters are encouraged to provide these details to the fullest extent possible.

If the reporter considers the incident or related information to be sensitive, it is recommended to use encryption and to mark the report with the appropriate Traffic Light Protocol (TLP) label.

7. Disclaimers

CSIRT MFSR provides its services to the best of its ability and based on the information and resources available at the time. However, CSIRT MFSR does not guarantee the completeness, accuracy, or timeliness of any information or recommendations provided, and cannot be held responsible for the consequences of their use.

The implementation of measures and recommendations issued by CSIRT MFSR is the sole responsibility of the constituency or the respective institution to which such recommendations are addressed.

CSIRT MFSR is not liable for any direct or indirect damages resulting from the use of its services or the information it provides, unless required by the applicable legislation of the Slovak Republic.