How To Join APCERT
APCERT offers different categories of membership/partnership for different types of organisations. Details of each category and application procedures are described in "APCERT Member & Partner Categories Policy" below.
Jump to:
Operational Members
Liaison Partners
Strategic Partners
Corporate Partners
APCERT Member and Partner Approval Process
APCERT Member and Partner Decision Tree
FAQ
Forms:
APCERT Operational Member Application Form
APCERT Liaison Partner Application Form
APCERT Strategic Partner Application Form
APCERT Corporate Partner Application Form
Sponsor report (for New Operational Member application)
Sponsor report (for New Partner application)
APCERT Member & Partner Categories Policy
Introduction
1. The Asia Pacific Computer Emergency Response Team (APCERT) is a forum for national and non-national Computer Security Incident Response Teams (CSIRTs) and Computer Emergency Response Teams (CERTs) within the Asia Pacific region to foster information sharing and collaboration on cyber security. APCERT has relationships with a wide range of organisations within the Asia Pacific region and around the globe.
APCERT Operational Members
2. Operational Members form the core of the APCERT community they are the national and leading CSIRTs and CERTs from across the Asia Pacific region(*1) that meet the following criteria, as stated in the Operational Framework.
3. APCERT Operational Members must:
- be a CSIRT or CERT from an Asia Pacific economy, which performs the function of a CSIRT or CERT on a full time basis;
- be a leading or national CSIRT or CERT within its own economy;
- be not-for-profit and/or wholly or partly government funded;
- have established policies, practices and procedures for operating a CSIRT or CERT within its economy and have experience in CSIRT operations including incident handling and cyber threat and vulnerability monitoring and advice;
- have a broad responsibility and capability for disseminating information and coordinating incident response across and/or among sectors within its economy;
- make contributions to the Asia Pacific CSIRT/CERT community; and
- advise the APCERT SC, within a reasonable time period, if at any time it cannot meet the above criteria.
4. Operational Members are expected to be active participants in APCERT to the greatest extent possible, namely with contributions to the Annual Report, participation in the Annual General Meeting (AGM) and the Annual Drill.
5. Operational Members have full access to all APCERT information sharing and collaborative platforms(*2) and initiatives and are eligible to participate in any (or all) of the APCERT Working Groups(*3). Operational Members also have the right to vote on APCERT operational matters and to stand for the Steering Committee and other elected positions after holding membership for one year. Each Operational Member has one (1) vote.
APCERT Partners
6. Separate to APCERT Operational Members, APCERT has three partnership categories Liaison Partner, Strategic Partner and Corporate Partner, as stated in the Operational Framework. APCERT Partners do not have any voting rights but may observe and provide feedback on APCERT operational matters. Partners receive a standing invitation to the APCERT Annual Conference.
Liaison Partners
7. There are some CERTs/CSIRTs with which APCERT has or would like to have a formal relationship but which are not eligible for operational membership. These organisations include national and non-national CERTs/CSIRTs from outside the Asia Pacific region, and CERTs/CSIRTs that do not yet meet Operational Member joining requirements.
8. An APCERT Liaison Partner must:
- be a full-time national CSIRT or CERT which is either
a. ineligible for operational membership because it is located outside the APCERT region, or
b. is potentially capable of becoming an Operational Member but does not yet meet Operational Member requirements; - be not-for-profit and/or wholly or partly government funded;
- share APCERTs vision to help create a safe, clean and reliable cyber space through global collaboration and is willing to partner with APCERT to achieve this vision; and
- agree and be able to protect information provided by APCERT and its members appropriately in line with the Traffic Light Protocol (TLP)(*4).
- be approved by the SC under an MoU with APCERT; and
- advise the SC, within a reasonable time period, if at anytime it cannot meet the above criteria
- The exchange of official contact details and the potential exchange of CERT-to-CERT operational information are at the core of the Liaison Partner relationship. Liaison Partnership allows a two-way flow of points of contact and information to support CERT/CSIRT operations. It is a mutual partnership based on the vision of helping create a safe, clean and reliable cyber space through global CERT-to-CERT collaboration.
9. As equivalent CERT organisations, APCERT Liaison Partners receive a standing invitation to attend the APCERT Annual General Meeting and Conference. They are also eligible to be invited to participate in the APCERT annual Drill and some APCERT Working Groups, at the discretion of the Working Group convenor and APCERT Steering Committee. Liaison Partners are also able to pursue other collaborative activities of mutual interest with APCERT, including the exchange of tools and techniques, cyber security exercises and capacity building activities such as training. The exchange of information between APCERT and its Liaison Partners occurs in accordance with the TLP.
Liaison Partners
A Liaison Partner is an individual national CSIRT/CERT that principally or completely operates outside the geographic boundaries of APCERT and is not-for-profit and/or wholly or partly government funded, or are potentially capable of becoming an Operational Member but do not yet meet Operational Member requirements. Such entities become Liaison Partners because they wish to establish a formal relationship with APCERT and official points of contact for incident response, as well as to pursue information sharing and other collaborative activities with APCERT and its members.
Strategic Partners
10. Strategic Partners are government or not-for-profit organisationsnot CERTs/CSIRTsthat provide cyber security or internet-related services. Strategic Partners include entities such as Internet registries, law enforcement agencies, network operators and collaborative cyber security groups.
11. An APCERT Strategic Partner must:
- be a government or not-for-profit organisation that provides internet-related services (e.g. domain registry or internet address allocation) or carries out particular cyber security functions (e.g. multilateral national and leading CERT groupings, law enforcement or other cyber security function);
- share APCERTs vision to help create a safe, clean and reliable cyber space through global collaboration and be a willing to partner with APCERT to achieve this vision;
- agree and be able to protect information provided by APCERT and its members appropriately in line with the TLP;
- be sponsored by three (3) existing APCERT Operational Members;
- be approved by the SC under an MoU with APCERT; and
- advise the APCERT SC, within a reasonable time period, if at anytime it cannot meet the above criteria.
Corporate Partners
12. There are a range of commercial cyber security-related entities that wish to formally support the operation and activities of APCERT. Such entities have the opportunity to join APCERT as a Corporate Partner
13. APCERT Corporate Partners must:
- be a cyber security related commercial entity that, regardless of its regional base and organizational structure, will support and contribute to the APCERT operation;
- be able to support CSIRT/CERT functions;
- comply with the APCERT Engagement with Service Providers and Corporate Entities Policy;
- be sponsored by three (3) existing APCERT Operational Members;
- be approved by the SC under an MoU with APCERT; and
- advise the APCERT SC, within a reasonable time period, if at any time it cannot meet the above criteria.
14. The core element of the Corporate Partner relationship with APCERT is that they have ability to contribute to APCERT operations and activities. This contribution or support can come in the form of in-kind assistance such as training, seminars or presentations at APCERT events. It can also involve financial support, for example the APCERT Fellowship Program which provides assistance to selected APCERT members to attend the APCERT Annual General Meeting (AGM) and Conference, sponsoring the APCERT AGM and Conference or other related events.
15. Corporate Partners are also able to share information and support other collaborative cyber security activities and initiatives with APCERT and its members, including capacity building. In addition, they are eligible to participate in some APCERT Working Groups, at the discretion of the Working Group convenor and the APCERT SC.
APCERT Member and Partner Approval Process
APCERT Operational Members
16. To apply for operational membership a potential member must:
- Obtain one (1) APCERT Operational Member sponsor, who will be required to submit a Sponsor Report;
- complete an Operational Membership Application Form and submit it to the APCERT Secretariat;
- agree to a site visit by an APCERT Operational Member if required. The need for a site visit on the potential member will be at the discretion of the APCERT Steering Committee.
- be approved by unanimous APCERT SC decision.
18. APCERT Operational Members are also published on the APCERT public website.
APCERT Partners
19. A potential APCERT Partner can be proposed by any APCERT member, or a potential partner can apply through the APCERT Secretariat. A potential partner must:
- be sponsored by three (3) existing APCERT Operational Members;
- be approved by the SC under an MoU with APCERT. The MoU must be agreed unanimously by the SC and signed by the SC Chair on behalf of APCERT. The MoU must be countersigned by the partner organisations designated and authorised authority within that organisation. Where applicants and SC are unable to sign the MoU in-person, due to the inability to travel, with the unanimous approval of the APCERT SC, digital signing of the document will be allowed.
APCERT Member and Partner Decision Tree
Full policy document is available here:
https://www.apcert.org/documents/pdf/APCERT_Member_and_Partner_Categories_Policy.pdf
For FAQ on membership/partnership, please see:
https://www.apcert.org/application/faq/
(*1) The Asia Pacific region refers to the Asia Pacific Network Information Centres (APNIC) geographic boundaries of 60th degree parallel (longitude). A list of the economies within the Asia Pacific region is listed on the APNIC web site. See: https://www.apnic.net/about-APNIC/organization/apnic-region
(*2) platforms include, for example, the closed APCERT Operational Membership email list, the APCERT Wiki (hosted by MyCERT) and the APCERT Data Exchanger (hosted by CNCERT/CC).
(*3) List of current Working Groups can be found at https://www.apcert.org/about/structure/groups.html.
(*4) APCERTs use of the Traffic Light Protocol is codified in its Information Classification Policy, which is available at https://www.apcert.org/documents/index.html.