According to the RFC 2350 a Computer Emergency Response Team should make it clear who belongs to their constituency and defines the services the team offers to the community. The description of the CERT der BA according to RFC 2350 is available below. You can download the document here and the certificates at https://www.pki.arbeitsagentur.de/.
RFC 2350 CERT der Bundesagentur für Arbeit
1. Document Information
This document contains a description of “CERT der Bundesagentur für Arbeit” according to RFC 2350. It provides basic information about the CERT, the ways it can be contacted, its responsibilities and the services offered.
1.1 Date of Last Update
11. September 2018 13:37:00 +0200
1.2 Distribution List for Notifications
Currently there is no push notification on changes to this document. The latest version published on this webpage does apply.
1.3 Locations where this Document May Be Found
The current version of this document can always be found at:
1.4 Document Authenticity
Authenticity of this document can be proven via TLS certificate (https Issuer D-Trust) or digital signature of a pdf document. According certificates, root certificates and fingerprints can be downloaded at https://www.pki.arbeitsagentur.de.
1.5 Document Identification
Title: "RFC 2350 CERT der Bundesagentur für Arbeit"
Document Date: 2018.06.21
Expiration: This document is valid until superseded by a later version.
2. Contact information
2.1 Name of the Team
CERT der Bundesagentur für Arbeit
CERT der Bundesagentur für Arbeit
Regensburger Str. 104
90478 Nürnberg Germany
2.3 Time Zone
CERT der Bundesagentur für Arbeit operates in the central European time zone (CET) which is GMT+0100 resp. GMT+0200/CEST during summer time in Europe (end of March until end of October).
2.4 Telephone Number
+49 911 179 6500
Please respect that the above published telephone numbers are solely intended for communication related to critical security incidents. Violating this condition might lead to blacklisting of offending telephone numbers on our telephone system.
2.5 Fax Number
Communication via FAX is not provided.
2.6 Other Telecommunication
2.7 Electronic Mail Address
All reports on security incidents, fault reports, warnings, advice and recommendations should be sent to an IT-Systemhaus.CERT@arbeitsagentur.de.
Use of phone for reporting incidents should be avoided if possible.
2.8 Public Keys and Encryption Information
CERT der Bundesagentur für Arbeit is using S/MIME encryption protocol in order to protect e-mail communication with other CERTs or partners. More information on this can be found at and also where to find the current S/MIME certficate:
2.9 Operating times of CERT-BA
Monday - Thursday: 08:00 to 16:30,
Friday: 08:00 to 13:00.
Exceptions: 24th and 31st December as well as public holidays in Bavaria
3.1 Mission Statement
CERT der Bundesagentur für Arbeit provides protection of Bundesagentur für Arbeit and its constituents against intentional and malicious attacks on confidentiality, integrity or availability of information, using and improving prevention, detection and reaction methods. Security incidents are centrally recorded, handled and managed. Furthermore contributing to establishing and training of sustained security awareness.
The constituencies of CERT der Bundesagentur für Arbeit are internal departments and external customers.
3.3 Sponsorship and/or Affiliation
CERT der Bundesagentur für Arbeit is an internal unit of IT-Systemhaus, which is a department of Bundesagentur für Arbeit. Sponsorship and financial support is provided by this authority only.
CERT der Bundesagentur für Arbeit is mandated to coordinate and perform security incident response and security incident handling within Bundesagentur für Arbeit and with its customers. Corresponding authority is documented deposited in the ISMS, certified according to ISO27001 (BSI-Grundschutz).
4.1 Types of Incidents and Level of Support
CERT der Bundesagentur für Arbeit is working on all kinds of incidents related to security issues on IT-systems or persons which occur, or threaten to occur, within its constituencies. This encompasses incidents regarding security management. Dissociation from fraud management and privacy protection exists.
The level of support is based on the type and severity of the security incident, the number of users affected and the impact on IT-systems and personal of affected institutions. Support is also limited by available resources.
4.2 Co-operation, Interaction and Disclosure of Information
CERT der Bundesagentur für Arbeit attaches great importance to operational cooperation and information-sharing between Computer Emergency Response Teams (CERTs) and other organizations regarding knowledge about attackers and attack-methods Threat Intelligence platforms (e.g. MISP) are used to exchange IoCs.
4.3 Communication and Authentication
CERT der Bundesagentur für Arbeit protects sensitive information in accordance with relevant regulations and policies in Germany and the EU. It makes use of current cryptographic methods to ensure confidentiality and integrity of the communication between other CERTs and their partners. CERT der Bundesagentur für Arbeit also respects the sensitivity labels assigned by information copyright owners. Communication security (encryption and authentication) is achieved by S/MIME or other methods to be arranged.
5.1 Incident Response
CERT der Bundesagentur für Arbeit is able to detect security incidents (SIEM) and has the authority to perform triage and security incident handling.5.2 Incident coordination
CERT der Bundesagentur für Arbeit is responsible for central coordination of handling and reaction of security incidents. It is able to categorizes, escalate and delegate activities on a need-to-know basis.
5.2 Incident Coordination
CERT der Bundesagentur für Arbeit is responsible for central coordination of handling and reaction of security incidents. It is able to categorizes, escalate and handle a reported incident.
5.3 Proactive Activities
CERT der Bundesagentur für Arbeit offers up-to-date information about security vulnerabilities and gives recommendations on remedial actions (patching, workarounds, etc.). The CERT also provides information for internal security awareness campaigns and offers support for security related education and trainings for internal departments.
Furthermore, the team continuously evaluates and develops new products and tools for securing the infrastructure and detecting threats.
6. Incident Reporting Forms
There are no public forms available to third parties to report security incidents. All communication should be directed to IT-Systemhaus.CERT@arbeitsagentur.de. We recommend encryption via S/MIME for any information related to security incidents or vulnerabilities.
While every precaution will be taken in the preparation of information, notifications and alerts, CERT der Bundesagentur für Arbeit assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.