This document contains a description of Sri Lanka CERT|CC in accordance with RFC 2350. It provides basic information about Sri Lanka CERT|CC, its channels of communication, and its roles and responsibilities and the services offered by Sri Lanka CERT|CC.
This is version 1.6, published 22-09-2020
The up to date document will be available in this page. The management of Sri Lanka CERT|CC shall be updated with the latest updates via email.
Title: “RFC 2350 Description for Sri Lanka CERT | CC”
Document Date: 22-09-2020
Expiration: This document is valid until superseded by a later version.
Sri Lanka CERT|CC, Sri Lanka Computer Emergency Readiness Team | Coordination Centre
BMICH (Bandaranayake Memorial International Conference Hall)
Time zone: India Standard Time (GMT+0530)
+94 11 2 691 692
+94 11 2 679 888
+94 11 2 691 064
General Mail address: email@example.com. Emails will be responded from 8.30am to 5.30pm
Fb and Social media could be reported using firstname.lastname@example.org. Emails are responded from 8.30am-5.30pm
Any security related other incidents could be reported using email@example.com. Emails are read 24/7
PGP finger print: CE87 E1DE E008 3D45 261C 526F ABBA 8C78 26AC 7385
The public key could be found on most key-servers and here in this link.
The CEO of Sri Lanka CERT | CC is Mr. Air Cdre (Retd) Jayasiri Amarasena. Information about other team members is available by request
The preferred communication channel to contact Sri Lanka CERT | CC for general inquiries is to send an e-mail. Facsimile machine is checked during normal office hours only (Available in the location specified 2.7).
Days/Hours of operation: 08:30 to 17:30, Monday to Friday. Out of office hours’ operation in case of emergency and could contactable on as mentioned in p 2.7.
The constituency of Sri Lanka CERT | CC is basically the whole country of Sri Lanka including Public sector, Private sector and General Public.
Sri Lanka CERT|CC is fully owned by the Government of Sri Lanka and it’s under the Ministry of Technology of Sri Lanka. .
Sri Lanka CERT|CC was established as Sri Lanka’s National CERT, by the ICT Agency of Sri Lanka (ICTA) in year 2006. It is registered as a Private Limited Liability Company, and since September 2020, it functions under the Ministry of Technology of Sri Lanka
We assist with Cyber Security Incidents and not Cybercrime. The types of Cyber Security Incidents and level of support given by Sri Lanka CERT|CC is given in our incident handling procedure (5.1).
Sri Lanka CERT|CC works in tight cooperation with Government Organizations, law Enforcement Authorities, the NCPA, the Ministry of Woman and Child Affairs and other relevant organization in the field of information security.
Sri Lanka CERT|CC treats all submitted information as confidential at all times and shall not be disclosed to third parties unless it is essential to do so.
For secure communication use the PGP key given in (2.8) to send encrypted emails to firstname.lastname@example.org.
Sri Lanka CERT | CC will define, assess and prioritize all types of Cyber Security incidents. This service involves responding to a request or notification by a constituent that an unusual event has been detected, which may be affecting the Confidentiality, Integrity and Availability of the services or cyber systems belonging to that constituent. Sri Lanka CERT | CC will provide technical assistance or advice by following the incident management procedure given below.
Sri Lanka CERT|CC conducts digital forensics investigations for government and private organizations on request. Sri Lanka CERT|CC is a member of the panel of experts in the Payment Devices Fraud Act, No. 30 Of 2006.
These services include the provision of a technology watch, providing cyber security threat alerts, conducting seminars & workshops and providing a knowledgebase on the official website of Sri Lanka CERT and its Social Media pages.
This service aims at developing National level Strategies and Polices to enhance the Cyber Security Posture of the country.
The consultancy services include Vulnerability Assessments and Penetration Testing on both Applications and Networks, advisory for any Cyber/information Security matters of the constituency.
General incident reporting form can be found here.
While every precaution will be taken in the preparation of information, notifications and alerts, Sri Lanka CERT|CC takes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.