EDU-CERT Description document according to RFC 2350

1. About this document

This document provides a description of EDU-CERT according to RFC provides information about the CERT, how to contact the team, and describes its responsibilities and the services offered to its constituency.


1.1 Date of Last Update

This is version 1.01, published 06.12.2021.


1.2 Distribution List for Notifications

Notifications of updates are submitted to our mailing list < This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it. >. Subscription requests for this list should be sent to the Sympa list server at < This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it. >; the body of the message should consist of the word "subscribe".  Send the word "help" instead if you don't know how to use a sympa list manager.

This mailing list is moderated.


1.3 Locations where this Document May Be Found

the current version of this cert description document is available from the EDU-CERT website ; its URL is :
يمكن الاضطلاع على النسخة العربية  على :

Please make sure you are using the latest version.


1.4 Authenticating this document

Both the English and Arabic versions of this document have been signed with the EDU-CERT's PGP key.  The signatures are also on our Web site, under:



2. Contact Information

this section describes how to contact EDU-CERT.


2.1 Name of the Team

"EDU-CERT": the Moroccan Academic Computer Emergency Response Team.


2.2 Address

Allal El Fassi Ave and FAR Ave corner, Hay Ryad,
PO BOX 8027 United Nations, 10102 Rabat, Morocco

2.3 Time Zone

Casablanca (GMT+1:00)


2.4 Telephone Number

+212 537 569 898


2.5 Facsimile Number

+212 537 569 899  (this is *not* a secure fax)


2.6 Other Telecommunication

None available.


2.7 Electronic Mail Address

< This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it. > This is a mail alias that relays mail to the humans on duty for the EDU-CERT.


2.8 Public Keys and Other Encryption Information

The EDU-CERT has a PGP key, whose KeyID is aaaaaaaaaa  and whose fingerprint is 686D 781C 4CBF 034A 6D03 B105 F9BD 33F6 F621 AE1D.
The key and its signatures can be found at the usual large public keyservers.
Because MA-CERT is still in it’s first year of existance , this key still has relatively few signatures; efforts are underway to increase the number of links to this key in the PGP "web of trust".


2.9 Team Members

Team Lead is Redouane Merrouch. A complete list of team members can be found at :
Management, liaison and supervision are provided by Redouane Merrouch, head of MARWAN network.


2.10 Other Information

General information about the EDU-CERT, as well as links to various recommended security resources, can be found at :


2.11 Points of Customer Contact

The preferred method for contacting the EDU-CERT is via e-mail at < This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it. >; e-mail sent to this address will be delivered appropriate team members, or be automatically forwarded to the appropriate backup person, immediately.  If you require urgent assistance, put "urgent" in your subject line.
If it is not possible (or not advisable for security reasons)to use e-mail, the team can be reached by telephone during regular office hours.
The EDU-CERT's hours of operation are generally restricted to regular business hours (09:00-17:00 Monday to Friday except holidays).
If possible, when submitting your report, use the form mentioned in section 6.


3. Charter

This section describres EDU-CERT charter.


3.1 Mission Statement

EDU-CERT's mission is to coordinate and investigate security incidents regarding the Moroccan Academic Reasearch Wide Area Network (MARWAN), ans assist  its constituents in implementing proactive measure  to reduce the risk of such incidents to occur.


3.2 Constituency

Our constituency is defined to be institutions that are connected to MARWAN (Moroccan Academic and Research Area Network).
EDU-CERT is responsible for this autonomous system: 30983.


3.3 Sponsorship and/or Affiliation

EDU-CERT is the Computer Security Incident Response Team (CSIRT) for the Moroccan academic and Research Network (MARWAN).
Funding is provided by the CNRST (National Center for Scientific and Technical Research ).


3.4 Authority

EDU-CERT operates under the auspices of, and with authority delegated by, the director of CNRST. We expect to work cooperatively with system and network administrators  of MARWAN connected institutions.



This section describes EDU-CERT policies

4.1 Types of incidents and level of Support

The EDU-CERT is authorized to address all types of computer security incidents which occur, or  threaten to occur within its constituency.
The level of support given by EDU-CERT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and the EDU-CERT's resources at the time, though in all cases some response will be made within one working day.
We expect end users to contact their local systems or network administrators at the level of the connected institution.


4.2 Co-operation, Interaction and Disclosure of Information

EDU-CERT will exchange all necessary information with other CSIRTs as well as with other affected parties if they are involved in the incident or incident response process. furthermore, unless explicitly authorized, appropriate measures will be taken to protect the identity of members of our constituency.


4.3 Communication and Authentication

For sensitive information exchanges we prefer encrypted and signed e-mail using PGP . For other communication phone, facsimile, postal service, or unencrypted e-mail may be used.



This section describes services offred by EDU-CERT.


5.1 Incident Response

EDU-CERT will assist system administrators in handling the  technical and organizational aspects of incidents.  In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1.1 Incident Triage

  • Investigating whether indeed an incident occured.
  • Determining the extent of the incident.

5.1.2 Incident Coordination

  •  Determining the initial cause of the incident  (vulnerability exploited).
  •  Facilitating contact with other sites which may be involved.
  •  Making reports to other CSIRTs.
  •  Composing announcements to users, if applicable.

5.1.3 Incident Resolution

  • Assure that security incidents are handled properly by the affected organisations.
  • Ask for feedback.
  • propose appropriate procedures.


5.2 Proactive Activities

  • Advisory service
  • Maintain a database of networks, sites and security contacts.
  • Mailing lists for security information.
  • Regular tutorials on security topics.
  • Network scans


6 Incident Reporting Forms

To report an incident, a web form is availaible at :
Incident reports should contain the following information

  • Incident date and time (including time zone)
  • Source IPs, ports, and protocols
  • Destination IPs, ports, and protocols

Preferable the report includes a log file in a common format.   

7 disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, EDU-CERT assumes no responsibility for errors or omissions,  or for damages resulting from the use of the information contained within.



Security News

Copyright © 2012 EDU-CERT : the Moroccan Academic Computer Emergency Response Team. All Rights Reserved.