Canadian Access Federation (CAF) Application Logo
Language
  • English (Canada)
  • French (Canada)
  • Canadian Access Federation - Security Incident Response Trust Framework for Federated Identity Application

  • This application is for current Canadian Access Federation (CAF) participants who have implemented Federated Identity Management Identity Provider (FIM IdP) and would like to add Security Incident Response Trust Framework for Federated Identity (SIRTFI) compliance.

    Not a CAF Participant? Learn more about becoming one here.

    Already a CAF Participant, but lacking FIM IdP? Submit a Service Amendment request. 

    Questions? Email the CAF Program.

  • Please complete the following fields:

  • Authorized Contacts

    All CAF Participants have established authorized contacts for the CAF Program. If you are not part of the authorized contact list, or if you are on the list but are not authorized to make service requests, we will share your application with the designated authorized contact to confirm this request.

  • SIRTFI Attestation Requirements

  • Defining Your Security Protocols and Procedures

  • The goal of Operational Security (OS) is to manage access to information resources, maintain their availability and integrity, and maintain confidentiality of sensitive information.

    Please confirm that your organization's CAF Identity Provider and/or Service(s) comply with the SIRTFI Operational Security requirements by checking all applicable statements.

  • Find the glossary of Information Technology Infrastructure Library term here.  

     

  • An Incident Response Assertion assumes that a security incident response capability exists within the organization. This section’s assertions describe your organization's interactions with other organizations participating in the SIRTFI trust framework.

    Please confirm that your CAF Entity will conform to the following Incident Response Assertions by checking all applicable statements.

  • Please find the Traffic Light Protocol (TLP) information disclosure policy here. 

  • Security Incident Response Staff Information

    Please provide the contact information for the individual responsible for your organization's security incident response. It is your organization's responsibility to ensure that this contact information is kept current.

  •  -
  • Traceability (TR) is the ability to answer the basic questions "who, what, where, and when" concerning a security incident. It requires retaining relevant system-generated information, including accurate timestamps and identifiers of system components and actors, for a period of time.

    As a CAF Entity, please confirm that your organization complies with the SIRTFI Traceability requirements by checking all applicable statements.

  • Participant Responsibilities [PR]: All participants (Identity Providers and Service Providers) in the Canadian Access Federation need to rely on appropriate behaviour.

  • Acceptable Use Policy (AUP): A documented policy that stipulates constraints and practices that a user must abide by in order to access the organization's IT network and services.

  • 0/500
  • Next Steps

    The CAF Program Team will review your application and respond in approximately 1 week with next steps. 

    To follow up on the status of your application, please email canops@canarie.ca. 

  • Should be Empty: