act CERT

1. Document information

This document contains a description of ACT CERT according to RFC2350.

It provides basic information about the ACT CERT team, its channels of communication, roles, and responsibilities.

1.1. Document history

• Version: 1.0
  Name: Nabil DIAB
  Date: 08/12/2023
  Action:
  Initial publication
• Version: 2.0
  Name: Nabil DIAB
  Date: 18/12/2025
  Action: Rebranding
  • Company name updated: Alter Solutions to act digital
  • Team name updated: Alter CERT . Act CERT.

No operational change (processes, contacts, scope).

1.2. Distribution list

Distribution list for ACT CERT notification is not public.

1.3. Location where this document may be found

The current and latest version of this document is available from the ACT DIGITAL website: https://actdigital.com/en/cert-2350/

1.4. Authenticating this document

This document has been signed with the PGP key of ACT CERT.
The signature of this document is available at: https://actdigital.com/en/act-cert-rfc2350_v2/

1.5. Document identification

Title: ACT CERT – RFC 2350
Version: 2.0
Document date: 18/12/2025

Expiration: This document is valid until superseded by a later version.

2. Contact information

2.1. Name of the team

ACT CERT
ACT CERT is the ACT DIGITAL commercial and internal CERT.

2.2. Address

ACT CERT
6 Avenue du General de Gaulle 78000 Versailles
France

2.3. Time zone

CET / CEST – Paris time

2.4. Phone Number

+33 1 87 66 97 36

2.5. Facsimile Number

None.

2.6. Other means for communication

None.

2.7. Electronic mail address

If you need to notify us about an information security incident or a cyber-threat targeting or involving your company or ACT DIGITAL, please contact us at cert@actdigital.eu.
This is a mailbox monitored by the person(s) on duty for the ACT CERT.

2.8. Public keys and other encryption information

ACT CERT has a PGP public key available at https://keys.openpgp.org
ID: EDDF3E57819152879FC1B1EDEA10147E3EEAEC9B.

2.9. Team member

Nabil DIAB is the current ACT CERT team leader. The team consists of IT security analysts. The list is not publicly available.

2.10. Other information

None.

2.11. Points of customer contact

The preferred method to contact ACT CERT team is to send an email to the cert@actdigital.eu address, which is monitored during hours of operation.
Urgent cases can be reported by phone on +55 1 87 66 97 56. Days / hours of Operations: 09:00 to 25:00, Monday to Friday.
Customer can contact ACT CERT outside of office hours of operations through special on-call phone number which are not publicly disclosed.

3. Charter

3.1. Mission statement

The mission of ACT CERT is to provide robust and responsive cybersecurity incident response services, safeguarding the digital assets and operations of our internal stakeholders as well as our diverse client base. We are dedicated to delivering expert guidance, timely intervention, and comprehensive solutions to manage and mitigate cyber threats.
As a trusted authority in the cybersecurity domain, we strive to:

• Enhance Cyber Resilience: Proactively fortify the cybersecurity posture of our clients through cutting-edge technologies, best practices, and continuous awareness.
• Rapid Incident Response: Offer swift and efficient response to cybersecurity incidents, minimizing impact and guiding recovery efforts.
• Expertise and Excellence: Maintain the highest standards of technical expertise and operational excellence in all facets of cybersecurity incident handling.
• Collaboration and Communication: Foster strong partnerships with industry peers, law enforcement, and cybersecurity communities to stay ahead of evolving cyber threats.
• Education and Awareness: Empower our clients and the wider community through education, sharing insights, and promoting cybersecurity awareness.
  In executing our mission, we adhere to principles of integrity, confidentiality, and relentless commitment to cybersecurity, ensuring a safer digital environment for all our stakeholders.

3.2. Constituency

The constituency of ACT CERT is primarily centered around two key groups:

• Internal Constituency – ACT DIGITAL Group: This includes all departments, branches, and entities within the ACT DIGITAL group. Our services cover every aspect of our internal network, digital resources, and operations.
• External Constituency - Commercial Clients: Alongside our internal focus, ACT CERT extends its expertise to a wide array of external clients. These clients, who engage in our services for cybersecurity needs, benefit from clearly defined Service Level

Agreements (SLAs). Our SLAs detail the expected response times, availability of our team, the scope of incident response services offered, and any other specific commitments or standards we uphold in our service delivery.

3.3. Sponsorship and/or affiliation

ACT CERT is part of ACT DIGITAL company: https://actdigital.com

3.4. Authority

For internal matters, ACT CERT operates under the authority of the CEO of ACT DIGITAL.
For external incidents, ACT CERT coordinates security incident on behalf of its constituency, and only at its constituent’s request.

4. Policies

4.1. Type of incident and level of support

At Act CERT, our expertise encompasses a wide array of cybersecurity incidents, reflecting the diverse and evolving landscape of cyber threats. Our team is equipped to manage various types of incidents, tailored to the unique challenges presented in each situation.

• Types of Incidents: Our capabilities enable us to handle all types of computer security incidents which occur or threaten to occur in our constituency. We have been prepared to address incidents that impact the confidentiality, integrity, and availability of information and systems, both for our internal operations within the Act Digital group and for our external clients.
• Level of Support: The level of support provided by ACT CERT is determined based on several parameters, including the severity of the incident, the potential impact on the affected entity, the complexity of the required response, and the urgency of the situation. Our response is scalable and adaptable, ensuring that each incident is met with an appropriate and effective level of support.

This flexible approach allows us to offer a range of responses, from advisory and guidance for lower-severity incidents to comprehensive, hands-on involvement for more severe or complex situations. Our priority is to provide a responsive, effective, and tailored approach to each cybersecurity incident, ensuring the best possible outcome for our stakeholders.

4.2. Co-operation, interaction, and disclosure of information

4.2.1 Co-operation and Interaction:

• With Internal Teams and Departments: ACT CERT actively collaborates with various internal departments within the ACT DIGITAL group. This includes sharing information, coordinating responses, and providing mutual support to enhance overall cybersecurity posture.
• With External Entities: Our team engages in collaboration with external organizations, including other CERTs, cybersecurity experts, industry groups, and law enforcement agencies. These interactions aim to foster a collective defense against cyber threats, sharing insights, trends, and best practices.
• Participation in Industry Forums and Events: We regularly participate in cybersecurity forums, conferences, and workshops. This involvement not only keeps us abreast of the latest developments in cybersecurity but also allows us to contribute to the broader community.

4.2.2 Disclosure of Information:

• Confidentiality and Privacy: ACT CERT adheres strictly to confidentiality and privacy standards. Sensitive information, particularly that which pertains to specific incidents or clients, is handled with the utmost discretion and in accordance with applicable laws and regulations.
• Information Sharing Protocols: We have established protocols for sharing information that balance the need for openness with the requirement to protect sensitive data. This includes anonymizing data where necessary and ensuring that any shared informationdoes not compromise the security of affected parties.
• Legal and Regulatory Compliance: All disclosures and information sharing are conducted in compliance with relevant legal and regulatory frameworks. This ensures that our actions are not only effective in combating cybersecurity threats but also lawful and ethically sound.
• Incident Reporting: In cases where incidents have broader implications or require external intervention, ACT CERT follows established procedures for reporting these incidents to appropriate authorities and stakeholders in a timely and responsible manner.

4.3. Communication and Authentication

For normal communication without any sensitive information, unencrypted e-mail may be used but Act CERT strongly encourages customers to use encrypted and signed e-mail using PGP to exchange data.

5. Services

5.1. Incident response

5.1.1 Incident triage

The process of receiving, evaluating, and prioritizing incoming incident reports. This step involves initial assessment to determine the scope, severity, and potential impact of the incident.

5.1.2 Incident coordination

Facilitating the response to incidents by coordinating between different stakeholders, which may include internal teams, external clients, and other relevant parties. This involves communication, resource allocation, and strategy implementation.

5.1.5 Incident resolution

Direct involvement in resolving the incident, which includes containment, eradication of the threat, recovery of affected systems, and providing detailed advice for preventing future occurrences.

5.2. Proactive activities

5.2.1 Intrusion detection services

Continuous monitoring and analysis of systems and networks to detect and alert on signs of unauthorized access or malicious activities.

5.2.2 Incident response planning and drills

Helping organizations to develop and test their incident response plans through table- top exercises or simulated incident scenarios, to ensure they are prepared for real-world incidents.

5.2.5 Vulnerability management

Identifying, evaluating, and advising on vulnerabilities within systems and software. This involves regular scanning, assessment of potential impact, and recommendations for mitigation.

6. Incident reporting forms

Please report security incidents via encrypted email to cert@actdigital.eu.
We provide the following assessment table as a flexible guide to help our client frame their request for incident response services. This table is designed to capture critical information that will assist us in understanding and prioritizing the incident. It is not a strict form; rather, it serves to ensure that we receive the essential details necessary to initiate an effective response. Please provide as much information as possible in each category, and feel free to include any additional relevant details that may support the assessment and subsequent handling of your cybersecurity incident.

• Category: Timestamps
  • Information: Time of the first observed malicious activity
    • Assessment: Record the exact date time whenthe incident was first observed and when it was reported.
• Category: Incident details
  • Information: Nature of the Incident
    • Assessment: Describe the nature of the incident, including what happened and howit was discovered.
• Category: Affected systems
  • Information: Asset Name, Type and Function
    • Assessment: List the names, types, and functions of all systems impacted by the incident.
  • Information: Asset IP and Network Range
    • Assessment: Provide the IP addresses and network ranges of the affected assets.
  • Information: Asset Criticality
    • Assess the criticality of each affected asset to your operations.
  • Information: Asset owner / Department
    • Identify the department or individual who owns each affected system.
• Category: Network details
  • Information: Port and Protocol involved
    • Assessment: Note the network ports and protocols involved in the incident.
• Category: User details
  • Information: Account Names
    • Include the names of any user accounts that were active or compromised during the incident.
• Category: Other
  • Information: Other relevant details
    • Assessment: Include any additional information that could be relevant to the incident, such as unusual system behavior observed, relevant recent changes to the system or network, or any other observations that do not fit the categories above but may aid in the investigation.

7. Disclaimers

While we strive to ensure the accuracy and relevance of the information, ACT CERT makes no warranties of any kind, whether expressed or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the document or the information, services, or related graphics contained herein for any purpose. Any reliance placed on such information is therefore strictly at the user’s own risk.