TLP:CLEAR

RFC-2350

The following profile of MBDA-DE-CERT has been composed according to RFC-2350.

1 Document Information
1.1. Date of Last Update
2025-04-11 (Version 1.0) 
This document is valid until superseded by a later version.

1.2. Distribution List for Notifications
None.

1.3. Locations where this Document May Be Found
The current version of this document is available at: 
https://www.mbda-systems.com/cert/de.

1.4. Authenticating this Document
This document has been signed with the public PGP key of MBDA-DE-CERT. The 
signature and current public PGP key are available at: 
https://www.mbda-systems.com/cert/de.

2 Contact Information
2.1. Name of the Team
Full name: MBDA-DE-CERT: Computer Emergency Response Team (CERT) of MBDA 
Deutschland GmbH
Short name: MBDA-DE-CERT

2.2. Address
MBDA Deutschland GmbH
MBDA-DE-CERT
Hagenauer Forst 27
86529 Schrobenhausen
GERMANY

2.3. Time Zone
Central European Time (CET, UTC+0100) /
Central European Summer Time (CEST, UTC+0200)

2.4. Telephone Number
+49 8252 994242 (voicemail)

2.5. Facsimile Number
None.

2.6. Other Telecommunication
None.

2.7. Electronic Mail Address
cert@mbda-systems.de

2.8. Public Keys and other Encryption Information
MBDA-DE-CERT's current public PGP key is available at: 
https://www.mbda-systems.com/cert/de.

2.9. Team Members
No information is provided in public.

2.10. Contact
The preferred method for contacting the MBDA-DE-CERT is via email (2.7). If it
is not possible to use email, MBDA-DE-CERT can be reached by telephone (2.4).

2.11. Other Information
None.

3 Charter
3.1. Mission Statement
MBDA-DE-CERT acts as the central point of contact regarding security-related 
incidents in computer systems. MBDA-DE-CERT is mandated to prevent and 
anticipate, detect, triage, respond and handle security-related incidents in 
computer systems. 

3.2. Constituency
MBDA-DE-CERT services are intended for the sole use of MBDA Deutschland GmbH 
including all majority-owned subsidiaries (internal to sponsoring organization).

3.3. Sponsoring Organization / Affiliation
MBDA Deutschland GmbH

3.4. Authority
MBDA-DE-CERT carries out its activities under the authority of MBDA Deutschland 
GmbH as approved by the Managing Director.

4 Policies
4.1. Types of Incidents and Level of Support
MBDA-DE-CERT addresses all kinds of security-related incidents in computer 
systems which occur, or threaten to occur, within its constituency. The level of 
support depends on the type and severity of the given security incident, the 
impact for its constituency and resources at the time. 

4.2. Co-operation, Interaction and Disclosure of Information
MBDA-DE-CERT highly regards the importance of operational cooperation and 
information-sharing between Computer Emergency Response Teams, and also with 
other organizations which may contribute towards or make use of their services. 
MBDA-DE-CERT respects the Traffic Light Protocol (TLP) as defined by the FIRST 
Standards Definitions, see: https://www.first.org/tlp/. 

MBDA-DE-CERT operates in strict compliance with German and/or EU legislation.

4.3. Communication and Authentication
The preferred method for contacting the MBDA-DE-CERT is via email (2.7). For the 
exchange of sensitive information and authenticated communication MBDA-DE-CERT 
uses PGP key for encrypting and/or signing messages. All sensitive communication 
to MBDA-DE-CERT should be encrypted with its public PGP key (2.8).

Telephone (2.4) can only be used for non-sensitive information. 

5 Services
MBDA-DE-CERT services are intended for the sole use of MBDA Deutschland GmbH 
including all majority-owned subsidiaries (internal to sponsoring organization). 
MBDA-DE-CERT services are based on the FIRST CSIRT Services Framework, Version 
2.1, see: 
https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2-1. 

5.1. Information Security Event Management
5.2. Information Security Incident Management
5.3. Vulnerability Assessment and Management 
5.4. Situational Awareness
5.5. Knowledge Transfer

6 Incident Reporting Forms
No special form is needed to report incidents to MBDA-DE-CERT. Please provide at 
least the following information: Contact details and organisational information 
-- name of person, name of organisation, email address and telephone number.

7 Disclaimers
While every precaution will be taken in the preparation of information, 
notifications and alerts, MBDA-DE-CERT assumes no responsibility for errors or 
omissions, or for damages resulting from the use of the information contained 
within.