CERT-GH RFC 2350 Profile

1. Document Information
This document complies with RFC 2350.

1.1. Date of Last Update
This is version 2.0 as of October 2, 2021.

1.2. Distribution List for Notifications
CERT-GH will not plan frequent modifications to this document, thus see section 1.3 for the download location

1.3. Locations where this Document May Be Found
The current version of this profile is available at https://www.csa.gov.gh

2. Contact Information

2.1. Name of the Team
Full name: Ghana National Computer Emergency Response Team
Short name: CERT-GH

2.2. Address
3rd Floor, NCA Tower,
6 Airport By-pass Road
Digital Address: GL-126-7029

2.3. Time Zone
CERT-GH provides 24-hour incident response service.
3rd Floor, NCA Tower.
Greenwich Meantime (GMT).

2.4. Telephone Number
CERT-GH emergency local mobile: +233 (303) 972531
CERT-GH emergency international mobile: +233 (303) 972530

2.5. Facsimile Number
Not applicable.

2.6. Other Telecommunication
Not applicable.

2.7. Electronic Mail Address
Report cybersecurity incidents to report [@t] csa.gov.gh

2.8. Public Keys and Encryption Information
CERT–GH has a PGP key with fingerprint: 0A3E 73BC 0A1B 8B12 9F3C 8AB7 46D2 76A4 AD38 7498

2.9. Team Members
Information about team members is available upon request.

2.10. Other Information
For additional information about CERT-GH, visit

2.11. Points of Customer Contact
E-mail: info@csa.gov.gh
Phone: 0503 185 846
Online form: https://csa.gov.gh/report
SMS Shortcode: 292 (Ghana Only)
Cyber Security Authority (CSA-Gh) Mobile App (Android and iOS)

3. Charter
3.1. Mission Statement
CERT-GH provides information and assistance to its constituents for implementing proactive measures to reduce the risks of computer security incidents. It also provides reactive services when cyber-attacks occur to reduce their impact. Finally, it builds capacity and training on incident management to its constituents.

3.2. Constituency
Sectorial CERTS (National Security, Financial, Telecommunication, Education, Government, Military, Business, Industrial & Commercial Systems (ICS))
General Public

3.3. Sponsorship and/or Affiliation
CERT-GH is a unit under the Cyber Security Authority of the Ministry of Communications and Digitalisation
CERT-GH is affiliated to Council of Europe (GLACY+), UNICEF, Ghana-US Cooperation (SGI), Microsoft
CERT-GH is also a member state of the Budapest Convention (Convention on Cybercrime).

3.4. Authority
CERT-GH has the authority to oversee and make recommendations regarding cybersecurity events and incident mitigation. CERT-GH will execute its duties as outlined within the scope of its charter, informed by applicable laws, regulations, directives, and additional assignments as indicated by the Cyber Security Advisor.

4. Policies
Policies are currently under review

4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled EMERGENCY.

4.2. Cooperation, Interaction, and Disclosure of Information
All incoming information is handled confidentially by CERT-GH, regardless of its priority.
When reporting a sensitive incident, please state so explicitly (for example, by using the label SENSITIVE in the subject field of email) and, if possible, use encryption as well.
CERT-GH supports the Information Sharing Traffic Light Protocol (ISTLP; see https://www.first.org/tlp/docs/tlp-v1.pdf). Information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.

4.3. Communication and Authentication
See section 2.8; In cases that involve sensitive information, use of PGP/GnuPG is highly recommended.

5. Services
5.1. Incident Response

5.1.1 Incident Triage
Investigating whether indeed an incident occurred.
Determining the extent of the incident.

5.1.2 Incident Coordination
Determining and contacting the involved organizations.
Facilitating contact with other parties including law enforcement, if needed.
Asking for reports and/or composing reports, depending on the involved organizations, incident type and severity.
Communicating with media, if necessary.

5.1.3 Incident Resolution
Advising the involved organization(s) on appropriate measures.
Following up the incident solution process.
Collecting evidence and interpreting data, if applicable.

5.2. Proactive Activities
CERT-GH collaborates with Shadowserver foundation.
Providing relevant information on threats, trends and remedies to their constituency (and/or media, if necessary) to raise security awareness and competence.
Collecting contact information of sectorial CERT teams.
Providing for a community building and information exchange within the constituency.

6. Incident Reporting Forms
Refer to section 2.11

7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, CERT-GH assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.