RFC 2350

CSIRT Dassault Systèmes

(3DS-CSIRT)

© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350

Version 1.0 – 9/6/2023

TLP: CLEAR
 Table of contents
1. Document information .................................................................................................... 4
1.1. Date of Last Update.................................................................................................... 4
1.2. Distribution List for Notifications.................................................................................. 4
1.3. Location where this Document May Be Found............................................................ 4
1.4. Authenticating this Document ..................................................................................... 4
1.5. Document Identification .............................................................................................. 4
2. Contact Information........................................................................................................ 5
2.1. Name of the Team ...................................................................................................... 5
2.2. Address ...................................................................................................................... 5
2.3. Time Zone .................................................................................................................. 5
2.4. Telephone Number ..................................................................................................... 5
2.5. Fascimile Number ...................................................................................................... 5

© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350

2.6. Other Telecommunications ......................................................................................... 5
2.7. Electronic Mail Address .............................................................................................. 5
2.8. Public Keys and Encryption Information ..................................................................... 5
2.9. Team Members .......................................................................................................... 5
2.10. Other Information .................................................................................................... 6
2.11. Point of Customer Contact ...................................................................................... 6
3. Charter........................................................................................................................... 7
3.1. Mission Statement ...................................................................................................... 7
3.2. Constituency .............................................................................................................. 7
3.3. Sponsorship and/or Affiliation ..................................................................................... 7
3.4. Authority ..................................................................................................................... 7
4. Policies .......................................................................................................................... 8
4.1. Types of Incidents and Level of Support ..................................................................... 8
4.2. Co-operation, Interaction and Disclosure of Information ............................................. 8
4.3. Communication and Authentication ............................................................................ 8
5. Services ......................................................................................................................... 9
5.1. Incident Response ...................................................................................................... 9
5.2. Proactive activities ...................................................................................................... 9
6. Incident Reporting Forms ............................................................................................. 10
7. Disclaimers .................................................................................................................. 11

2
3
© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350
 1. Document information
This document contains a description of CSIRT Dassault Systèmes (3DS-CSIRT) in
accordance with RFC 23501. It provides basic information about 3DS-CSIRT, its channels of
communication, and its roles and responsibilities.

1.1. Date of Last Update

Version 1.0 published on 9/18/2023

1.2. Distribution List for Notifications

3DS-CSIRT does not use a distribution list for notifications of changes to this document.

1.3. Location where this Document May Be Found

The current version of this document can be found at https://www.3ds.com/trust

© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350

1.4. Authenticating this Document
This document has been signed with the PGP Key of 3DS-CSIRT.

1.5. Document Identification

Title: ‘3DS-CSIRT_RFC2350’

Version: 1.0

Document Date: 9/6/2023

Expiration: this document is valid until superseded by a later version.

1 https://www.ietf.org/rfc/rfc2350.txt

4
 2. Contact Information

2.1. Name of the Team

Full name: CSIRT Dassault Systèmes

Short name: 3DS-CSIRT

2.2. Address
CSIRT Dassault Systèmes

Dassault Systèmes SE,

10 Rue Marcel Dassault,

78140 Vélizy-Villacoublay | France

© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350

2.3. Time Zone
CET/CEST – Paris Time.

2.4. Telephone Number

None available.

2.5. Fascimile Number

None available.

2.6. Other Telecommunications

None available.

2.7. Electronic Mail Address

The email address of 3DS-CSIRT is [email protected]

2.8. Public Keys and Encryption Information

PGP can be used for functional exchanges with 3DS-CSIRT:

 User ID: 3DS.CSIRT <3DS.CSIRT@3ds[.]com>

 Key ID: 0x3614E5ED
 Fingerprint: 12D31DF5BDE5AD6C75A1D05194C2BAC73614E5ED

2.9. Team Members

The list of the 3DS-CSIRT members is not publicly available.

5
 2.10. Other Information
Spoken languages are French and English.

2.11. Point of Customer Contact

To take contact with 3DS-CSIRT, please use our email address 3DS.CSIRT@3ds[.]com.

3DS-CSIRT prefers to receive cybersecurity incident reports via e-mail at

3DS.CSIRT@3ds[.]com. Please use our cryptographic key available above in paragraph 2.8
Public Key and Encryption Information to ensure integrity and confidentiality of your incident
reports.

© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350

6
 3. Charter

3.1. Mission Statement

3DS-CSIRT is the internal Computer Emergency Response Team of Dassault Systèmes SE
and its subsidiaries. Its missions are the following:

- Prevent and anticipate cybersecurity incidents by continuously monitoring cyber

threats, conducting proactive threat assessments and coordinating vulnerability
management activities;
- Detect cybersecurity events and incidents through a continuous monitoring of the
entire Dassault Systèmes SE and its subsidiaries’ assets;
- Respond to cybersecurity incidents that may affect Dassault Systèmes SE or its
subsidiaries’ assets according to 3DS-CSIRT incident response management
processes.
- Continuously improve 3DS-CSIRT ability to detect, respond and recover cybersecurity
incident.

© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350

3.2. Constituency
Our constituency is composed of Dassault Systèmes SE and all its subsidiaries. 3DS-CSIRT
coordinates and processes the response to incidents related to Dassault Systèmes SE and all
its subsidiaries’ assets.

3.3. Sponsorship and/or Affiliation

3DS-CSIRT is a private CSIRT for Dassault Systèmes SE and all its subsidiaries.

3.4. Authority
3DS-CSIRT acts under the authority of Dassault Systèmes SE.

7
 4. Policies

4.1. Types of Incidents and Level of Support

3DS-CSIRT responds to all cybersecurity incidents affecting Dassault Systèmes SE and all its
subsidiaries’ assets.

4.2. Co-operation, Interaction and Disclosure of Information

3DS-CSIRT considers cybersecurity information sharing as essential to enhance detection
and response capabilities and requiring cooperation with security communities, CERT and
CSIRT. 3DS-CSIRT is willing to share information without violating their confidentiality needs
with trusted networks. No information about incidents or vulnerabilities will be shared with
external parties without the explicit consent of all parties involved.

Each year, 3DS-CSIRT sends its analysts to participate in cybersecurity-related events and
values professional certifications.

© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350

4.3. Communication and Authentication
The preferred method of communication is email. For the exchange of sensitive information
and authenticated communication, 3DS-CSIRT uses PGP for encrypting and/or signing
messages.

3DS-CSIRT respects the "Information Sharing Traffic Light Protocol" (FIRST TLP version 2.0).

8
 5. Services

5.1. Incident Response

The 3DS-CSIRT team is in charge of the following operations:

 Incident analysis;
 Incident response;
 Incident response coordination;
 Vulnerability response coordination
 Maintaining of the Incident Response Plan.

The 3DS-CSIRT team implements an incident response process based on the NIST
Computer Security Handling Guide (SP 800-61r2).

5.2. Proactive activities

3DS-CSIRT proactively monitors cyber threats, vulnerabilities through threat intelligence,

© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350

vulnerability management and intrusion detection operations.

9
 6. Incident Reporting Forms
3DS-CSIRT does not have an incident reporting form. Please report security incidents by
encrypted e-mail (see 2.8 and 2.11 paragraphs).

© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350

10
 7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts,
3DS-CSIRT assumes no responsibility for errors or omissions, or for damages resulting from
the use of the information contained within.

© Dassault Systèmes | TLP: CLEAR | ref.: CSIRT-3DS_RFC_2350

11