1. Document Information
Date of the Last Update
The document is last updated 2nd January 2021.
Distribution list for notification
Currently ACSIRT does not use any distribution list to notify about changes in this document.
Locations where this document may be found
The current version this CSIRT description document is available from ACSIRT RFC 2450 Document.
2. Contact Information
Name of the Team
ACSIRT - Atom Computer Incident Response Team, the CSIRT for the private and public sector entities operating in the Union of Myanmar and the ASEAN countries.
ACSIRT head office is located at the following address.
Block 11, Level 4, Room 506 MICT Park, Hlaing University Campus Road Hlaing Township, Yangon, Myanmar
Myanmar Time, GMT +6.30
Electronic Mail Address
Incident reports (including non-incident) should be addressed to <acsirt (at) kernellix (dot) com>
Public keys and other encryption information
ACSIRT has an OpenPGP public key.
- Key ID: DF59 6805 8AF6 48C4
- Key Finger Print: E579F2C66F538A223DC8E4D1DF5968058AF68D19
The current ACSIRT team-key can be found here.
ACSIRT is the Computer Security Incident Response Team (CSIRT) for the private and public sector entities operating in the Union of Myanmar and the ASEAN countries.
The team member (in alphabetical order) is composed of:
Core Operational Team
- Joe Limwiwatkul
- Saw Winn Naung
- Thar Pyae Soe
- Ye Thura Thet
Business and Operation Support Team
- Kyawt Hmue Khin
- Pyi Phyo Kyaw
- ACSIRT is the Computer Security Incident Response Team (CSIRT) for the private and public sector entities operating in the Union of Myanmar and the ASEAN countries.
- ACSIRT is operated by Kernellix, a privately funded cybersecurity firm headquartered in Yangon, Myanmar.
- We encourage our constituency (customer) to user PGP encryption when sending sensitive information to ACSIRT.
ACSIRT is established to make cyberspace secure and resilient by providing solutions and services to prevent, detect, respond and mitigate cyber incidents.
ACSIRT is the private CSIRT for the private and public sector entities operating in the Union of Myanmar and the ASEAN countries.
The constituency consists of government agencies, enterprises and organizations operating in the Union of Myanmar ad the ASEAN countries.
Sponsorship and/or Affiliation
ACSIRT is funded and operated by Kernellix, a private cybersecurity firm headquartered in Yangon, Myanmar.
ACSIRT coordinates security incidents on behalf of its constituency and has no authority reaching further than that. ACSIRT is however expected to make operational recommendations regarding vulnerabilities and mitigation of incidents and/or incident handling. Such recommendations can include but are not limited to blocking addresses or networks.
Types of Incidents and Level of Support
ACSIRT address all types of computer security incidents which occurs, or threaten to occur, in the constituency networks.
The level of support given by ACSIRT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and ACSIRT’s resources at the time, though in all cases some response will be made within two working days.
Incidents will be prioritized according to their apparent severity and extent.
End users are expected to contact their systems administrator, network administrator, or department head for assistance.
Co-operation, interaction and disclosure of information
ACSIRT exchanges all necessary information with other CSIRTs, ISACs and affected parties’ administrators. Neither personal nor overhead data are exchanged unless explicitly authorized.
All sensible data (such as personal data, system configurations, known vulnerabilities with their locations) are encrypted if they must be transmitted over unsecured environment as stated below.
ACSIRT supports the Information Sharing Traffic Light Protocol information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.
Communication and authentication
ACSIRT uses telephones, unencrypted-email to communicate low-sensitivity data.
ACSIRT recommends to encrypt email communication containing high-sensitivity information using PGP. ACSIRT use PGP key mentioned above.
ACSIRT structures services based on FIRST’s Computer Security Incident Response Team (CSIRT) Services Framework Version 2.0.
ACSIRT will assist the constituents(customers) in handling the technical and organizational aspects of incidents. In particular, ACSIRT will provide assistance or advice with respect to the following aspects of incidents management:
- Incident Triage
- Incident Coordination
- Incident Resolution
ACSIRT leave the incident resolution at the discretion of the involved constituents. However ACSIRT will offer support and recommendation upon request.
ACSIRT coordinates and maintains the following services to the extent possible depending on its resources:
- Vulnerability Management
- Situation Awareness
- Knowledge Transfer
For more information please refer to our service portfolio.
6. Incident reporting forms
Not available. Preferably report in PGP encrypted using email or use the phone.
ACSIRT take every precaution in the preparation of information, notifications and alerts ACSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.