| draft-ietf-sacm-terminology-06.txt | draft-ietf-sacm-terminology-07.txt | |||
|---|---|---|---|---|
| Security Automation and Continuous Monitoring WG D. Waltermire | SACM Working Group H. Birkholz | |||
| Internet-Draft NIST | Internet-Draft Fraunhofer SIT | |||
| Intended status: Informational A. Montville | Intended status: Informational July 06, 2015 | |||
| Expires: August 15, 2015 CIS | Expires: January 7, 2016 | |||
| D. Harrington | ||||
| Effective Software | ||||
| N. Cam-Winget | ||||
| Cisco Systems | ||||
| J. Lu | ||||
| Oracle Corporation | ||||
| B. Ford | ||||
| Lancope | ||||
| M. Kaeo | ||||
| Double Shot Security | ||||
| February 11, 2015 | ||||
| Terminology for Security Assessment | Secure Automation and Continuous Monitoring (SACM) Terminology | |||
| draft-ietf-sacm-terminology-06 | draft-ietf-sacm-terminology-07 | |||
| Abstract | Abstract | |||
| This memo documents terminology used in the documents produced by | This memo documents terminology used in the documents produced by | |||
| SACM (Security Automation and Continuous Monitoring). | SACM (Security Automation and Continuous Monitoring). | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 42 | skipping to change at page 1, line 31 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 15, 2015. | This Internet-Draft will expire on January 7, 2016. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 2 | 2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | |||
| 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 | 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 6.1. ietf-sacm-terminology-01- to -02- . . . . . . . . . . . . 7 | 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 6.2. ietf-sacm-terminology-01- to -02- . . . . . . . . . . . . 7 | 8. Informative References . . . . . . . . . . . . . . . . . . . 10 | |||
| 6.3. ietf-sacm-terminology-02- to -03- . . . . . . . . . . . . 7 | Appendix A. The Attic . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 6.4. ietf-sacm-terminology-03 to -04- . . . . . . . . . . . . 7 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 6.5. ietf-sacm-terminology-04 to -05- . . . . . . . . . . . . 8 | ||||
| 6.6. ietf-sacm-terminology-05 to -06- . . . . . . . . . . . . 8 | ||||
| 7. Informative References . . . . . . . . . . . . . . . . . . . 8 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | ||||
| 1. Introduction | 1. Introduction | |||
| Our goal with this document is to improve our agreement on the | Our goal with this document is to improve our agreement on the | |||
| terminology used in documents produced by the IETF Working Group for | terminology used in documents produced by the IETF Working Group for | |||
| Security Automation and Continuous Monitoring. Agreeing on | Security Automation and Continuous Monitoring. Agreeing on | |||
| terminology should help reach consensus on which problems we're | terminology should help reach consensus on which problems we're | |||
| trying to solve, and propose solutions and decide which ones to use. | trying to solve, and propose solutions and decide which ones to use. | |||
| 2. Terms and Definitions | 2. Terms and Definitions | |||
| This section describes terms that have been defined by other RFC's | This section describes terms that have been defined by other RFC's | |||
| and defines new ones. The predefined terms will reference the RFC | and defines new ones. The predefined terms will reference the RFC | |||
| and where appropriate will be annotated with the specific context by | and where appropriate will be annotated with the specific context by | |||
| which the term is used in SACM. | which the term is used in SACM. | |||
| Assessment | Assessment: Defined in [RFC5209] as "the process of collecting | |||
| posture for a set of capabilities on the endpoint (e.g., host- | ||||
| Defined in [RFC5209] as "the process of collecting posture for a | based firewall) such that the appropriate validators may evaluate | |||
| set of capabilities on the endpoint (e.g., host-based firewall) | the posture against compliance policy." | |||
| such that the appropriate validators may evaluate the posture | ||||
| against compliance policy." | ||||
| Within this document the use of the term is expanded to support | ||||
| other uses of collected posture (e.g. reporting, network | ||||
| enforcement, vulnerability detection, license management). The | ||||
| phrase "set of capabilities on the endpoint" includes: hardware | ||||
| and software installed on the endpoint." | ||||
| Asset | ||||
| Defined in [RFC4949] as "a system resource that is (a) required to | ||||
| be protected by an information system's security policy, (b) | ||||
| intended to be protected by a countermeasure, or (c) required for | ||||
| a system's mission. | ||||
| Asset characterization | ||||
| Asset characterization is the process of defining attributes that | ||||
| describe properties of an identified asset. | ||||
| Asset Management | ||||
| The process by which assets are provisioned, updated, maintained | ||||
| and deprecated. | ||||
| Asset Targeting | Within SACM the use of the term is expanded to support other uses | |||
| of collected posture (e.g. reporting, network enforcement, | ||||
| vulnerability detection, license management). The phrase "set of | ||||
| capabilities on the endpoint" includes: hardware and software | ||||
| installed on the endpoint." | ||||
| Asset targeting is the use of asset identification and | Asset: Defined in [RFC4949] as "a system resource that is (a) | |||
| categorization information to drive human-directed, automated | required to be protected by an information system's security | |||
| decision making for data collection and analysis in support of | policy, (b) intended to be protected by a countermeasure, or (c) | |||
| endpoint posture assessment. | required for a system's mission. | |||
| Attribute | Asset Characterization: Asset characterization is the process of | |||
| defining attributes that describe properties of an identified | ||||
| asset. | ||||
| Defined in [RFC5209] as "data element including any requisite | Asset Management: The process by which assets are provisioned, | |||
| meta-data describing an observed, expected, or the operational | updated, maintained and deprecated. | |||
| status of an endpoint feature (e.g., anti-virus software is | ||||
| currently in use)." | ||||
| Broker | Attribute: Defined in [RFC5209] as "data element including any | |||
| requisite meta-data describing an observed, expected, or the | ||||
| operational status of an endpoint feature (e.g., anti-virus | ||||
| software is currently in use)." | ||||
| An entity providing and/or connecting services on the behalf of | Authentication: Defined in [RFC4949] as "the process of verifying a | |||
| other architectural components. Within the SACM Architecture, for | claim that a system entity or system resource has a certain | |||
| example, a broker may provide authorization services and find, | attribute value." | |||
| upon request, entities providing requested services. | ||||
| Building Block | Authorization: Defined in [RFC4949] as "an approval that is granted | |||
| For SACM, a building block is a unit of functionality that may | to a system entity to access a system resource." | |||
| apply to more than one use case and can be supported by different | ||||
| components of an architectural model. | ||||
| Capability | Broker: A standard SACM component providing and/or connecting | |||
| services on the behalf of other SACM components via the control | ||||
| plane. Within the SACM Architecture, for example, a broker may | ||||
| provide authorization services and find, upon request, SACM | ||||
| components providing requested services. | ||||
| The extent of an architectural component's ability. For example, | Building Block: For SACM, a building block is a unit of | |||
| a Posture Information Provider may only provide endpoint | functionality that is used to compose SACM components. It | |||
| management data, and then only a subset of that data. | contains functions and may apply to one or more use cases. A | |||
| Building Block can have interfaces on the data plane, the control | ||||
| plane, or on the management plane. | ||||
| Client | Capability: The extent of an SACM component's ability enabled by the | |||
| building blocks it is composed of. For example, a Posture | ||||
| Information Provider may only provide endpoint management data, | ||||
| and then only a subset of that data. | ||||
| An architectural component receiving services from another | Collection Task: The task by which endpoint attributes and/or | |||
| architectural component. | corresponding attribute values are collected. | |||
| Collection Task | Consumer: An architectural component receiving information from | |||
| another architectrual component. | ||||
| The process by which posture attributes or values are collected. | Data Confidentiality: Defined in [RFC4949] as "the property that | |||
| data is not disclosed to system entities unless they have been | ||||
| authorized to know the data." | ||||
| Consumer | Data Integrity: Defined in [RFC4949] as "the property that data has | |||
| not been changed, destroyed, or lost in an unauthorized or | ||||
| accidental manner." | ||||
| An architectural component receiving information from another | Data Origin: One or more properties that enable a SACM component to | |||
| architectrual component. | identify an Endpoint that is claimed to be the original source of | |||
| received data. | ||||
| Endpoint | Data Provenance: A historical record of the origins and evolution of | |||
| data that is influenced by inputs, entities, functions and | ||||
| processes. | ||||
| Defined in [RFC5209] as "any computing device that can be | Endpoint: Defined in [RFC5209] as "any computing device that can be | |||
| connected to a network. Such devices normally are associated with | connected to a network. Such devices normally are associated with | |||
| a particular link layer address before joining the network and | a particular link layer address before joining the network and | |||
| potentially an IP address once on the network. This includes: | potentially an IP address once on the network. This includes: | |||
| laptops, desktops, servers, cell phones, or any device that may | laptops, desktops, servers, cell phones, or any device that may | |||
| have an IP address." | have an IP address." | |||
| To further clarify the [RFC5209] definition, an endpoint is any | To further clarify the [RFC5209] definition, an endpoint is any | |||
| physical or virtual device that may have a network address. Note | physical or virtual device that may have a network address. Note | |||
| that, network infrastructure devices (e.g. switches, routers, | that, network infrastructure devices (e.g. switches, routers, | |||
| firewalls), which fit the definition, are also considered to be | firewalls), which fit the definition, are also considered to be | |||
| endpoints within this document. | endpoints within this document. | |||
| Based on the previous definition of an asset, an endpoint is a | Based on the previous definition of an asset, an endpoint is a | |||
| type of asset. | type of asset. | |||
| Evaluation Task | Endpoint Attributes: [TODO] (Definition of content, structure, and | |||
| relationship to Posture Attributes) | ||||
| The process by which posture attributes are evaluated. | ||||
| Endpoint Target | ||||
| The endpoint of interest. | ||||
| Endpoint Discovery | ||||
| The process by which an endpoint can be identified. | ||||
| Evaluation Result | ||||
| The resulting value from having evaluated a set of posture | ||||
| attributes. | ||||
| Expected Endpoint State | ||||
| The required state of an endpoint that is to be compared against. | ||||
| Function | ||||
| A behavioral aspect of a particular architectural component, which | ||||
| belies that component's purpose. For example, the Management | ||||
| Plane can provide a brokering function to other SACM architectrual | ||||
| components. | ||||
| Information Model | Evaluation Task: The task by which endpoint attributes are | |||
| evaluated. | ||||
| An information model is an abstract representation of data, their | Evaluation Result: The resulting value from having evaluated a set | |||
| properties, relationships between data and the operations that can | of posture attributes. | |||
| be performed on the data. While there is some overlap with a data | ||||
| model, [RFC3444] distinguished an information model as being | ||||
| protocol and implementation neutral whereas a data model would | ||||
| provide such details. | ||||
| Management Plane (TBD per list; was "Control Plane") | Expected Endpoint State: The required state of an endpoint that is | |||
| to be compared against. | ||||
| Architectural component providing common functions to all SACM | Function: A behavioral aspect or capacity of a particular building | |||
| participants, including authentication, authorization, | block, which belies that building blocks's purpose. For example, | |||
| capabilities mappings, and the like. | a building block on the control plane can provide a brokering | |||
| function to other SACM components. On the data plane, a function | ||||
| can act as a provider and/or as a consumer of information. | ||||
| Posture | Information Model: An information model is an abstract | |||
| representation of data, their properties, relationships between | ||||
| data and the operations that can be performed on the data. While | ||||
| there is some overlap with a data model, [RFC3444] distinguishes | ||||
| an information model as being protocol and implementation neutral | ||||
| whereas a data model would provide such details. | ||||
| Defined in [RFC5209] as "configuration and/or status of hardware | Management Plane (TBD per list; was "Control Plane"): Architectural | |||
| or software on an endpoint as it pertains to an organization's | component providing common functions to all SACM participants, | |||
| security policy." | including authentication, authorization, capabilities mappings, | |||
| and the like. | ||||
| This term is used within the scope of this document to represent | Posture: Defined in [RFC5209] as "configuration and/or status of | |||
| the state information that is collected from an endpoint (e.g. | hardware or software on an endpoint as it pertains to an | |||
| software/hardware inventory, configuration settings). The state | organization's security policy." | |||
| information may constitute one to many Posture Attributes. | ||||
| Posture Attributes | This term is used within the scope of SACM to represent the | |||
| configuration and state information that is collected from an | ||||
| endpoint (e.g. software/hardware inventory, configuration | ||||
| settings, dynamically assigned addresses). This information may | ||||
| constitute one to many Posture Attributes. | ||||
| Defined in [RFC5209] as "attributes describing the configuration | Posture Attributes: Defined in [RFC5209] as "attributes describing | |||
| or status (posture) of a feature of the endpoint. A Posture | the configuration or status (posture) of a feature of the | |||
| Attribute represents a single property of an observed state. For | endpoint. A Posture Attribute represents a single property of an | |||
| example, a Posture Attribute might describe the version of the | observed state. For example, a Posture Attribute might describe | |||
| operating system installed on the system." | the version of the operating system installed on the system." | |||
| Within this document this term represents a specific assertion | Within this document this term represents a specific assertion | |||
| about endpoint state (e.g. configuration setting, installed | about endpoint configuration or state (e.g. configuration setting, | |||
| software, hardware). The phrase "features of the endpoint" refers | installed software, hardware). The phrase "features of the | |||
| to installed software or software components. | endpoint" refers to installed software or software components. | |||
| Provider | ||||
| An architectural component providing information to another | ||||
| architectrual component. | ||||
| Proxy | Provider: An architectural component providing information to | |||
| another architectrual component. | ||||
| An architectural component providing functions, information, or | Proxy: An architectural component providing functions, information, | |||
| services on behalf of another component, which is not directly | or services on behalf of another component, which is not directly | |||
| participating in the architecture. | participating in the architecture. | |||
| Repository | Repository: An architectural component intended to store information | |||
| of a particular kind. A single repository may provide the | ||||
| functions of more than one repository type (i.e. configuration | ||||
| baseline repository, assessment results repository, etc.) | ||||
| An architectural component intended to store information of a | SACM Role: A label representing a collection of building blocks | |||
| particular kind. A single repository may provide the functions of | (containing functions and composing SACM components) residing on a | |||
| more than one repository type (i.e. configuration baseline | particular endpoint. If a particular endpoint does not contain | |||
| repository, assessment results repository, etc.) | any SACM components it takes on the role of a target endpoint | |||
| unless indicated otherwise. | ||||
| Role | SACM Component: A composition of building blocks that contain | |||
| control plane, data plane or management plane functions. SACM | ||||
| defines a set of standard components (e.g. a collector, a broker, | ||||
| or a data store). A SACM component MUST contain at least a basic | ||||
| set of control plane building blocks and MAY contain data plane | ||||
| and managment plane building blocks. A SACM component residing on | ||||
| an endpoint assigns one or more SACM roles to the corresponding | ||||
| endpoint. A SACM component "resides on" an endpoint and an | ||||
| endpoint "contains" a SACM component, correspondingly. | ||||
| A label representing a collection of functions provided by a | SACM Component Discovery: The function by which a SACM component (or | |||
| particular architectural component. | subsets, such as SACM roles or other functions) can be discovered. | |||
| Security Automation | Security Automation: The process of which security alerts can be | |||
| automated through the use of different tools to monitor, evaluate | ||||
| and analyze endpoint and network traffic for the purposes of | ||||
| detecting misconfigurations, misbehaviors or threats. | ||||
| The process of which security alerts can be automated through the | Supplicant: The entity seeking to be authenticated by the Management | |||
| use of different tools to monitor, evaluate and analyze endpoint | Plane for the purpose of participating in the SACM architecture. | |||
| and network traffic for the purposes of detecting | ||||
| misconfigurations, misbehaviors or threats. | ||||
| Supplicant | System Resource: Defined in [RFC4949] as "data contained in an | |||
| information system; or a service provided by a system; or a system | ||||
| capacity, such as processing power or communication bandwidth; or | ||||
| an item of system equipment (i.e., hardware, firmware, software, | ||||
| or documentation); or a facility that houses system operations and | ||||
| equipment. | ||||
| The entity seeking to be authenticated by the Management Plane for | Target Endpoint: A target endpoint is a SACM Role. An endpoint that | |||
| the purpose of participating in the SACM architecture. | takes on the target endpoint role either contains no SACM | |||
| component or contains an internal SACM component. A target | ||||
| endpoint is an "endpoint under assessment" (even if it is not | ||||
| actively under assessment at all times). If an endpoint takes on | ||||
| both the role of target endpoint and _Not A Target Endpoint_ [TBD] | ||||
| it is not a Target Endpoint. | ||||
| System Resource | A target endpoint is similar to a device that is a Target of | |||
| Evaluation (TOE) as defined in Common Criteria. | ||||
| Defined in [RFC4949] as "data contained in an information system; | Target Endpoint Discovery: The function by which target endpoints | |||
| or a service provided by a system; or a system capacity, such as | can be discovered. | |||
| processing power or communication bandwidth; or an item of system | ||||
| equipment (i.e., hardware, firmware, software, or documentation); | ||||
| or a facility that houses system operations and equipment. | ||||
| 3. IANA Considerations | 3. IANA Considerations | |||
| This memo includes no request to IANA. | This memo includes no request to IANA. | |||
| 4. Security Considerations | 4. Security Considerations | |||
| This memo documents terminology for security automation. While it is | This memo documents terminology for security automation. While it is | |||
| about security, it does not affect security. | about security, it does not affect security. | |||
| 5. Acknowledgements | 5. Acknowledgements | |||
| 6. Change Log | 6. Change Log | |||
| 6.1. ietf-sacm-terminology-01- to -02- | Changes from version 00 to version 01: | |||
| Added simple list of terms extracted from UC draft -05. It is | o Added simple list of terms extracted from UC draft -05. It is | |||
| expected that comments will be received on this list of terms as to | expected that comments will be received on this list of terms as | |||
| whether they should be kept in this document. Those that are kept | to whether they should be kept in this document. Those that are | |||
| will be appropriately defined or cited. | kept will be appropriately defined or cited. | |||
| 6.2. ietf-sacm-terminology-01- to -02- | Changes from version 01 to version 02: | |||
| Added Vulnerability, Vulnerability Management, xposure, | o Added Vulnerability, Vulnerability Management, xposure, | |||
| Misconfiguration, and Software flaw. | Misconfiguration, and Software flaw. | |||
| 6.3. ietf-sacm-terminology-02- to -03- | Changes from version 02 to version 03: | |||
| Removed Section 2.1. Cleaned up some editing nits; broke terms into | o Removed Section 2.1. Cleaned up some editing nits; broke terms | |||
| 2 sections (predefined and newly defined terms). Added some of the | into 2 sections (predefined and newly defined terms). Added some | |||
| relevant terms per the proposed list discussed in the IETF 89 | of the relevant terms per the proposed list discussed in the IETF | |||
| meeting. | 89 meeting. | |||
| 6.4. ietf-sacm-terminology-03 to -04- | Changes from version 03 to version 04: | |||
| TODO | o TODO | |||
| 6.5. ietf-sacm-terminology-04 to -05- | Changes from version 04 to version 05: | |||
| TODO | o TODO | |||
| 6.6. ietf-sacm-terminology-05 to -06- | Changes from version 05 to version 06: | |||
| Updated author information. | o Updated author information. | |||
| Combined "Pre-defined Terms" with "New Terms and Definitions". | o Combined "Pre-defined Terms" with "New Terms and Definitions". | |||
| Removed "Requirements language". | o Removed "Requirements language". | |||
| Removed unused reference to use case draft; resulted in removal of | o Removed unused reference to use case draft; resulted in removal of | |||
| normative references. | normative references. | |||
| Removed introductory text from Section 1 indicating that this | o Removed introductory text from Section 1 indicating that this | |||
| document is intended to be temporary. | document is intended to be temporary. | |||
| Added placeholders for missing change log entries. | o Added placeholders for missing change log entries. | |||
| 7. Informative References | Changes from version 06 to version 07: | |||
| [RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between | o Added Contributors section. | |||
| Information Models and Data Models", RFC 3444, January | ||||
| 2003. | ||||
| [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC | o Updated author list. | |||
| 4949, August 2007. | ||||
| [RFC5209] Sangster, P., Khosravi, H., Mani, M., Narayan, K., and J. | o Changed title from "Terminology for Security Assessment" to | |||
| Tardo, "Network Endpoint Assessment (NEA): Overview and | "Secure Automation and Continuous Monitoring (SACM) Terminology". | |||
| Requirements", RFC 5209, June 2008. | ||||
| Authors' Addresses | o Changed abbrev from "SACM-Terms" to "SACM Terminology". | |||
| o Added appendix The Attic to stash terms for future updates. | ||||
| o Added Authentication, Authorization, Data Confidentiality, Data | ||||
| Integrity, Data Origin, Data Provenance, SACM Component, SACM | ||||
| Component Discovery, Target Endpoint Discovery. | ||||
| o Major updates to Building Block, Function, SACM Role, Target | ||||
| Endpoint. | ||||
| o Minor updates to Broker, Capability, Collection Task, Evaluation | ||||
| Task, Posture. | ||||
| o Relabled Role to SACM Role, Endpoint Target to Target Endpoint, | ||||
| Endpoint Discovery to Endpoint Identification. | ||||
| o Moved Asset Targeting, Client, Endpoint Identification to The | ||||
| Attic. | ||||
| o Endpoint Attributes added as a TODO. | ||||
| o Changed the structure of the Change Log. | ||||
| 7. Contributors | ||||
| David Waltermire | David Waltermire | |||
| National Institute of Standards and Technology | National Institute of Standards and Technology | |||
| 100 Bureau Drive | 100 Bureau Drive | |||
| Gaithersburg, Maryland 20877 | Gaithersburg, Maryland 20877 | |||
| USA | USA | |||
| Email: david.waltermire@nist.gov | Email: david.waltermire@nist.gov | |||
| Adam W. Montville | Adam W. Montville | |||
| Center for Internet Security | Center for Internet Security | |||
| 31 Tech Valley Drive | 31 Tech Valley Drive | |||
| East Greenbush, New York 12061 | East Greenbush, New York 12061 | |||
| USA | USA | |||
| Email: adam.w.montville@gmail.com | Email: adam.w.montville@gmail.com | |||
| David Harrington | David Harrington | |||
| Effective Software | Effective Software | |||
| 50 Harding Rd | 50 Harding Rd | |||
| Portsmouth, NH 03801 | Portsmouth, NH 03801 | |||
| USA | USA | |||
| Email: ietfdbh@comcast.net | Email: ietfdbh@comcast.net | |||
| skipping to change at page 9, line 25 | skipping to change at page 9, line 19 | |||
| Portsmouth, NH 03801 | Portsmouth, NH 03801 | |||
| USA | USA | |||
| Email: ietfdbh@comcast.net | Email: ietfdbh@comcast.net | |||
| Nancy Cam-Winget | Nancy Cam-Winget | |||
| Cisco Systems | Cisco Systems | |||
| 3550 Cisco Way | 3550 Cisco Way | |||
| San Jose, CA 95134 | San Jose, CA 95134 | |||
| US | US | |||
| Jarrett Lu | ||||
| Oracle Corporation | ||||
| 4180 Network Circle | ||||
| Santa Clara, California 95054 | ||||
| Email: ncamwing@cisco.com | Email: jarrett.lu@oracle.com | |||
| Jarrett Lu | Jarrett Lu | |||
| Oracle Corporation | Oracle Corporation | |||
| 4180 Network Circle | 4180 Network Circle | |||
| Santa Clara, California 95054 | Santa Clara, California 95054 | |||
| Email: jarrett.lu@oracle.com | Email: jarrett.lu@oracle.com | |||
| Brian Ford | Brian Ford | |||
| Lancope | Lancope | |||
| skipping to change at page 10, line 4 | skipping to change at page 9, line 39 | |||
| Santa Clara, California 95054 | Santa Clara, California 95054 | |||
| Email: jarrett.lu@oracle.com | Email: jarrett.lu@oracle.com | |||
| Brian Ford | Brian Ford | |||
| Lancope | Lancope | |||
| 3650 Brookside Parkway, Suite 500 | 3650 Brookside Parkway, Suite 500 | |||
| Alpharetta, Georgia 30022 | Alpharetta, Georgia 30022 | |||
| Email: bford@lancope.com | Email: bford@lancope.com | |||
| Merike Kaeo | Merike Kaeo | |||
| Double Shot Security | Double Shot Security | |||
| 3518 Fremont Avenue North, Suite 363 | 3518 Fremont Avenue North, Suite 363 | |||
| Seattle, Washington 98103 | Seattle, Washington 98103 | |||
| Email: merike@doubleshotsecurity.com | Email: merike@doubleshotsecurity.com | |||
| 8. Informative References | ||||
| [RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between | ||||
| Information Models and Data Models", RFC 3444, January | ||||
| 2003. | ||||
| [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC | ||||
| 4949, August 2007. | ||||
| [RFC5209] Sangster, P., Khosravi, H., Mani, M., Narayan, K., and J. | ||||
| Tardo, "Network Endpoint Assessment (NEA): Overview and | ||||
| Requirements", RFC 5209, June 2008. | ||||
| Appendix A. The Attic | ||||
| The following terms are stashed for now and will be updated later: | ||||
| Asset Targeting: Asset targeting is the use of asset identification | ||||
| and categorization information to drive human-directed, automated | ||||
| decision making for data collection and analysis in support of | ||||
| endpoint posture assessment. | ||||
| Client: An architectural component receiving services from another | ||||
| architectural component. | ||||
| Endpoint Identification (TBD per list; was "Endpoint Discovery"): | ||||
| The process by which an endpoint can be identified. | ||||
| Author's Address | ||||
| Henk Birkholz | ||||
| Fraunhofer SIT | ||||
| Rheinstrasse 75 | ||||
| Darmstadt 64295 | ||||
| Germany | ||||
| Email: henk.birkholz@sit.fraunhofer.de | ||||
| End of changes. 74 change blocks. | ||||
| 209 lines changed or deleted | 218 lines changed or added | |||
This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||