--- 1/draft-ietf-sacm-terminology-04.txt 2014-08-15 08:14:32.091436874 -0700 +++ 2/draft-ietf-sacm-terminology-05.txt 2014-08-15 08:14:32.107437264 -0700 @@ -1,23 +1,23 @@ Security Automation and Continuous Monitoring WG D. Waltermire Internet-Draft NIST Intended status: Informational A. Montville -Expires: November 27, 2014 CIS +Expires: February 16, 2015 Tripwire D. Harrington Effective Software N. Cam-Winget Cisco Systems - May 26, 2014 + August 15, 2014 Terminology for Security Assessment - draft-ietf-sacm-terminology-04 + draft-ietf-sacm-terminology-05 Abstract This memo documents terminology used in the documents produced by SACM (Security Automation and Continuous Monitoring). Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. @@ -25,21 +25,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on November 27, 2014. + This Internet-Draft will expire on February 16, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -48,32 +48,32 @@ include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 2 2.1. Pre-defined Terms . . . . . . . . . . . . . . . . . . . . 2 2.2. New Terms and Definitions . . . . . . . . . . . . . . . . 4 - 2.3. Requirements Language . . . . . . . . . . . . . . . . . . 5 - 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 - 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 - 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 - 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 6 - 6.1. ietf-sacm-terminology-01- to -02- . . . . . . . . . . . . 6 - 6.2. ietf-sacm-terminology-01- to -02- . . . . . . . . . . . . 6 - 6.3. ietf-sacm-terminology-02- to -03- . . . . . . . . . . . . 6 - 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 - 7.1. Normative References . . . . . . . . . . . . . . . . . . 6 - 7.2. Informative References . . . . . . . . . . . . . . . . . 7 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 + 2.3. Requirements Language . . . . . . . . . . . . . . . . . . 7 + 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 + 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 + 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 + 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 7 + 6.1. ietf-sacm-terminology-01- to -02- . . . . . . . . . . . . 7 + 6.2. ietf-sacm-terminology-01- to -02- . . . . . . . . . . . . 7 + 6.3. ietf-sacm-terminology-02- to -03- . . . . . . . . . . . . 7 + 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 + 7.1. Normative References . . . . . . . . . . . . . . . . . . 8 + 7.2. Informative References . . . . . 
. . . . . . . . . . . . 8 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 1. Introduction Our goal with this document is to improve our agreement on the terminology used in documents produced by the IETF Working Group for Security Automation and Continuous Monitoring. Agreeing on terminology should help reach consensus on which problems we're trying to solve, and propose solutions and decide which ones to use. This document is expected to be a temporary work product, and will 
@@ -186,40 +186,62 @@ The process by which assets are provisioned, updated, maintained and deprecated. Asset Targeting Asset targeting is the use of asset identification and categorization information to drive human-directed, automated decision making for data collection and analysis in support of endpoint posture assessment. + Broker + + An entity providing and/or connecting services on the behalf of + other architectural components. Within the SACM Architecture, for + example, a broker may provide authorization services and find, + upon request, entities providing requested services. + Building Block For SACM, a building block is a unit of functionality that may apply to more than one use case and can be supported by different components of an architectural model. + Capability + + The extent of an architectural component's ability. For example, + a Posture Information Provider may only provide endpoint + management data, and then only a subset of that data. + + Client + + An architectural component receiving services from another + architectural component. + Collection Task The process by which posture attributes or values are collected. + Consumer + + An architectural component receiving information from another + architectrual component. + Evaluation Task The process by which posture attributes are evaluated. Endpoint Target The endpoint of interest. Endpoint Discovery - The process by which an endpoint can be identified. Evaluation Result The resulting value from having evaluated a set of posture attributes. Expected Endpoint State The required state of an endpoint that is to be compared against. 
@@ -217,27 +239,67 @@ Evaluation Result The resulting value from having evaluated a set of posture attributes. Expected Endpoint State The required state of an endpoint that is to be compared against. - Security Automation + Function + + A behavioral aspect of a particular architectural component, which + belies that component's purpose. For example, the Management + Plane can provide a brokering function to other SACM architectrual + components. + + Management Plane (TBD per list; was "Control Plane") + + Architectural component providing common functions to all SACM + participants, including authentication, authorization, + capabilities mappings, and the like. + + Provider + + An architectural component providing information to another + architectrual component. + + Proxy + + An architectural component providing functions, information, or + services on behalf of another component, which is not directly + participating in the architecture. + + Repository + + An architectural component intended to store information of a + particular kind. A single repository may provide the functions of + more than one repository type (i.e. configuration baseline + repository, assessment results repository, etc.) + + Role + + A label representing a collection of functions provided by a + particular architectural component. + Security Automation The process of which security alerts can be automated through the use of different tools to monitor, evaluate and analyze endpoint and network traffic for the purposes of detecting misconfigurations, misbehaviors or threats. + Supplicant + + The entity seeking to be authenticated by the Management Plane for + the purpose of participating in the SACM architecture. + 2.3. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 3. 
IANA Considerations This memo includes no request to IANA. @@ -298,31 +360,31 @@ David Waltermire National Institute of Standards and Technology 100 Bureau Drive Gaithersburg, Maryland 20877 USA Email: david.waltermire@nist.gov Adam W. Montville - Center for Internet Security - 31 Tech Valley Drive - East Greenbush, New York 12061 + Tripwire + 101 SW Main Street, 15th floor + Portland, Oregon 97204 USA - Email: adam.montville@cisecurity.org - + Email: adam.w.montville@gmail.com David Harrington Effective Software 50 Harding Rd Portsmouth, NH 03801 USA Email: ietfdbh@comcast.net + Nancy Cam-Winget Cisco Systems 3550 Cisco Way San Jose, CA 95134 US Email: ncamwing@cisco.com
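Review bot: the Change Log entries in the Table of Contents hunk still carry the duplicated headings "6.1. ietf-sacm-terminology-01- to -02-" and "6.2. ietf-sacm-terminology-01- to -02-", and no entry covers -03- to -04- or -04- to -05-, so none of the terms introduced in this revision (Broker, Capability, Client, Consumer, Function, Management Plane, Provider, Proxy, Repository, Role, Supplicant) is recorded anywhere in the log. Suggest renaming 6.1 to "-00- to -01-" and adding entries for the two later revisions before the next submission.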
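Review bot: "architectrual" in the new Consumer definition ("from another architectrual component") is a typo for "architectural". The same hunk also deletes the blank line between "Endpoint Discovery" and "The process by which an endpoint can be identified", leaving that entry formatted differently from every other term in Section 2.2; restore the separator line so the glossary layout stays uniform.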
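Review bot: the Management Plane entry is submitted with an unresolved editorial placeholder, "Management Plane (TBD per list; was "Control Plane")", which should either be settled on the list or moved to an explicit editor's note rather than shipped as part of the term. In the same hunk, "belies that component's purpose" in the Function definition says the opposite of what is meant ("belies" is "contradicts"); "reflects" or "reveals" is the intended sense. "architectrual" appears twice more (Function and Provider). "i.e." in the Repository example list should be "e.g.", since "configuration baseline repository, assessment results repository, etc." is illustrative, not exhaustive. Finally, authorization is now attributed to two components: the Broker "may provide authorization services" while the Management Plane provides "authentication, authorization, capabilities mappings"; the text should state whether a Broker makes authorization decisions itself or only relays decisions made by the Management Plane, because the Supplicant definition ties authentication to the Management Plane alone and later architecture documents will inherit whichever reading this glossary implies.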
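Review bot: the Authors' Addresses hunk removes the blank line after Adam Montville's new email address and adds one before Nancy Cam-Winget's entry, so Montville's and Harrington's blocks now run together while the remaining authors are separated; keep exactly one blank line between each author block.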