| draft-ietf-sacm-terminology-04.txt | draft-ietf-sacm-terminology-05.txt | |||
|---|---|---|---|---|
| Security Automation and Continuous Monitoring WG D. Waltermire | Security Automation and Continuous Monitoring WG D. Waltermire | |||
| Internet-Draft NIST | Internet-Draft NIST | |||
| Intended status: Informational A. Montville | Intended status: Informational A. Montville | |||
| Expires: November 27, 2014 CIS | Expires: February 16, 2015 Tripwire | |||
| D. Harrington | D. Harrington | |||
| Effective Software | Effective Software | |||
| N. Cam-Winget | N. Cam-Winget | |||
| Cisco Systems | Cisco Systems | |||
| May 26, 2014 | August 15, 2014 | |||
| Terminology for Security Assessment | Terminology for Security Assessment | |||
| draft-ietf-sacm-terminology-04 | draft-ietf-sacm-terminology-05 | |||
| Abstract | Abstract | |||
| This memo documents terminology used in the documents produced by | This memo documents terminology used in the documents produced by | |||
| SACM (Security Automation and Continuous Monitoring). | SACM (Security Automation and Continuous Monitoring). | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 36 | skipping to change at page 1, line 36 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 27, 2014. | This Internet-Draft will expire on February 16, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 13 | skipping to change at page 2, line 13 | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 2 | 2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2.1. Pre-defined Terms . . . . . . . . . . . . . . . . . . . . 2 | 2.1. Pre-defined Terms . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2.2. New Terms and Definitions . . . . . . . . . . . . . . . . 4 | 2.2. New Terms and Definitions . . . . . . . . . . . . . . . . 4 | |||
| 2.3. Requirements Language . . . . . . . . . . . . . . . . . . 5 | 2.3. Requirements Language . . . . . . . . . . . . . . . . . . 7 | |||
| 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 | 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 6.1. ietf-sacm-terminology-01- to -02- . . . . . . . . . . . . 6 | 6.1. ietf-sacm-terminology-01- to -02- . . . . . . . . . . . . 7 | |||
| 6.2. ietf-sacm-terminology-01- to -02- . . . . . . . . . . . . 6 | 6.2. ietf-sacm-terminology-01- to -02- . . . . . . . . . . . . 7 | |||
| 6.3. ietf-sacm-terminology-02- to -03- . . . . . . . . . . . . 6 | 6.3. ietf-sacm-terminology-02- to -03- . . . . . . . . . . . . 7 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 6 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 8 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 7 | 7.2. Informative References . . . . . . . . . . . . . . . . . 8 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 1. Introduction | 1. Introduction | |||
| Our goal with this document is to improve our agreement on the | Our goal with this document is to improve our agreement on the | |||
| terminology used in documents produced by the IETF Working Group for | terminology used in documents produced by the IETF Working Group for | |||
| Security Automation and Continuous Monitoring. Agreeing on | Security Automation and Continuous Monitoring. Agreeing on | |||
| terminology should help reach consensus on which problems we're | terminology should help reach consensus on which problems we're | |||
| trying to solve, and propose solutions and decide which ones to use. | trying to solve, and propose solutions and decide which ones to use. | |||
| This document is expected to be a temporary work product, and will | This document is expected to be a temporary work product, and will | |||
| skipping to change at page 5, line 9 | skipping to change at page 5, line 9 | |||
| The process by which assets are provisioned, updated, maintained | The process by which assets are provisioned, updated, maintained | |||
| and deprecated. | and deprecated. | |||
| Asset Targeting | Asset Targeting | |||
| Asset targeting is the use of asset identification and | Asset targeting is the use of asset identification and | |||
| categorization information to drive human-directed, automated | categorization information to drive human-directed, automated | |||
| decision making for data collection and analysis in support of | decision making for data collection and analysis in support of | |||
| endpoint posture assessment. | endpoint posture assessment. | |||
| Broker | ||||
| An entity providing and/or connecting services on the behalf of | ||||
| other architectural components. Within the SACM Architecture, for | ||||
| example, a broker may provide authorization services and find, | ||||
| upon request, entities providing requested services. | ||||
| Building Block | Building Block | |||
| For SACM, a building block is a unit of functionality that may | For SACM, a building block is a unit of functionality that may | |||
| apply to more than one use case and can be supported by different | apply to more than one use case and can be supported by different | |||
| components of an architectural model. | components of an architectural model. | |||
| Capability | ||||
| The extent of an architectural component's ability. For example, | ||||
| a Posture Information Provider may only provide endpoint | ||||
| management data, and then only a subset of that data. | ||||
| Client | ||||
| An architectural component receiving services from another | ||||
| architectural component. | ||||
| Collection Task | Collection Task | |||
| The process by which posture attributes or values are collected. | The process by which posture attributes or values are collected. | |||
| Consumer | ||||
| An architectural component receiving information from another | ||||
| architectrual component. | ||||
| Evaluation Task | Evaluation Task | |||
| The process by which posture attributes are evaluated. | The process by which posture attributes are evaluated. | |||
| Endpoint Target | Endpoint Target | |||
| The endpoint of interest. | The endpoint of interest. | |||
| Endpoint Discovery | Endpoint Discovery | |||
| The process by which an endpoint can be identified. | The process by which an endpoint can be identified. | |||
| Evaluation Result | Evaluation Result | |||
| The resulting value from having evaluated a set of posture | The resulting value from having evaluated a set of posture | |||
| attributes. | attributes. | |||
| Expected Endpoint State | Expected Endpoint State | |||
| The required state of an endpoint that is to be compared against. | The required state of an endpoint that is to be compared against. | |||
| skipping to change at page 5, line 40 | skipping to change at page 6, line 15 | |||
| Evaluation Result | Evaluation Result | |||
| The resulting value from having evaluated a set of posture | The resulting value from having evaluated a set of posture | |||
| attributes. | attributes. | |||
| Expected Endpoint State | Expected Endpoint State | |||
| The required state of an endpoint that is to be compared against. | The required state of an endpoint that is to be compared against. | |||
| Security Automation | Function | |||
| A behavioral aspect of a particular architectural component, which | ||||
| belies that component's purpose. For example, the Management | ||||
| Plane can provide a brokering function to other SACM architectrual | ||||
| components. | ||||
| Management Plane (TBD per list; was "Control Plane") | ||||
| Architectural component providing common functions to all SACM | ||||
| participants, including authentication, authorization, | ||||
| capabilities mappings, and the like. | ||||
| Provider | ||||
| An architectural component providing information to another | ||||
| architectrual component. | ||||
| Proxy | ||||
| An architectural component providing functions, information, or | ||||
| services on behalf of another component, which is not directly | ||||
| participating in the architecture. | ||||
| Repository | ||||
| An architectural component intended to store information of a | ||||
| particular kind. A single repository may provide the functions of | ||||
| more than one repository type (i.e. configuration baseline | ||||
| repository, assessment results repository, etc.) | ||||
| Role | ||||
| A label representing a collection of functions provided by a | ||||
| particular architectural component. | ||||
| Security Automation | ||||
| The process of which security alerts can be automated through the | The process of which security alerts can be automated through the | |||
| use of different tools to monitor, evaluate and analyze endpoint | use of different tools to monitor, evaluate and analyze endpoint | |||
| and network traffic for the purposes of detecting | and network traffic for the purposes of detecting | |||
| misconfigurations, misbehaviors or threats. | misconfigurations, misbehaviors or threats. | |||
| Supplicant | ||||
| The entity seeking to be authenticated by the Management Plane for | ||||
| the purpose of participating in the SACM architecture. | ||||
| 2.3. Requirements Language | 2.3. Requirements Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
| 3. IANA Considerations | 3. IANA Considerations | |||
| This memo includes no request to IANA. | This memo includes no request to IANA. | |||
| skipping to change at page 7, line 29 | skipping to change at page 8, line 41 | |||
| David Waltermire | David Waltermire | |||
| National Institute of Standards and Technology | National Institute of Standards and Technology | |||
| 100 Bureau Drive | 100 Bureau Drive | |||
| Gaithersburg, Maryland 20877 | Gaithersburg, Maryland 20877 | |||
| USA | USA | |||
| Email: david.waltermire@nist.gov | Email: david.waltermire@nist.gov | |||
| Adam W. Montville | Adam W. Montville | |||
| Center for Internet Security | Tripwire | |||
| 31 Tech Valley Drive | 101 SW Main Street, 15th floor | |||
| East Greenbush, New York 12061 | Portland, Oregon 97204 | |||
| USA | USA | |||
| Email: adam.montville@cisecurity.org | Email: adam.w.montville@gmail.com | |||
| David Harrington | David Harrington | |||
| Effective Software | Effective Software | |||
| 50 Harding Rd | 50 Harding Rd | |||
| Portsmouth, NH 03801 | Portsmouth, NH 03801 | |||
| USA | USA | |||
| Email: ietfdbh@comcast.net | Email: ietfdbh@comcast.net | |||
| Nancy Cam-Winget | Nancy Cam-Winget | |||
| Cisco Systems | Cisco Systems | |||
| 3550 Cisco Way | 3550 Cisco Way | |||
| San Jose, CA 95134 | San Jose, CA 95134 | |||
| US | US | |||
| Email: ncamwing@cisco.com | Email: ncamwing@cisco.com | |||
| End of changes. 15 change blocks. | ||||
| 23 lines changed or deleted | 85 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||