
IETF 83 Birds of a Feather Session Preparation


IETF 83 Birds of a Feather Session Preparation

Adam Montville
All:

You may recall that in November 2010 an IETF BoF was held with the goal of
introducing the IETF community to SCAP and, ultimately, to consider 1)
whether the technology was mature enough for standardization, and 2)
whether such standardization should take place under the auspices of the
IETF.

On February 10, 2012 a Vendor Letter - signed by 16 executive-level
representatives - was sent to various SCAP stakeholders at NIST, DHS,
NCSC, and other US Government agencies.  The Vendor Letter (attached)
demonstrates a significant level of support among vendors for moving
security automation development to the IETF.

Now, we seek to schedule a WG-forming BoF session during IETF 83 in Paris.
 As a WG-forming BoF, we will be discussing a charter, potential drafts,
and other important aspects concerning the possible move of security
automation development to the IETF.

I invite all vendors, government representatives, specification authors
and contributors to engage in a discussion on the scap_interest list (to
subscribe visit: https://www.ietf.org/mailman/listinfo/scap_interest).
Such discussion should occur before IETF 83 and cover what moving security
automation development to the IETF would mean, how a WG might be
structured, what a charter might look like, which specifications should be
first drafted, what pieces are missing, and how continuous monitoring
might additionally be included.

IT IS IMPORTANT THAT BOF-RELATED DISCUSSIONS BE CONDUCTED ON THE
SCAP_INTEREST MAILING LIST AND NOT ON INDIVIDUAL SPECIFICATION DEVELOPMENT
LISTS.

The following are areas of concern (in addition to what already exists in
the security automation domain today) we believe would be suitable for
furthering the security automation efforts on a global scale:

  * XCCDF 1.2.1
    * Alternate checking systems
    * Targeting and scheduling for interrogative checking systems
  * Security automation core elements
  * Risk scoring normalization and unification

Finally, if you believe this message should be forwarded to additional
communities of interest, please do so (I may have missed a few).

Regards,

Adam W. Montville | Security and Compliance Architect

Direct: 503 276-7661
Mobile: 360 471-7815

TRIPWIRE | Take CONTROL
http://www.tripwire.com





To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].

Attachment: SCAP-executive_recommendation_letter.pdf (45K)

FW: [scap_interest] IETF 83 Birds of a Feather Session Preparation

Adam Montville
FYI

On 2/13/12 2:16 PM, "Adam Montville" <[hidden email]> wrote:

>All:
>
>You may recall that in November 2010 an IETF BoF was held with the goal of
>introducing the IETF community to SCAP and, ultimately, to consider 1)
>whether the technology was mature enough for standardization, and 2)
>whether such standardization should take place under the auspices of the
>IETF.
>
>On February 10, 2012 a Vendor Letter - signed by 16 executive-level
>representatives - was sent to various SCAP stakeholders at NIST, DHS,
>NCSC, and other US Government agencies.  The Vendor Letter (attached)
>demonstrates a significant level of support among vendors for moving
>security automation development to the IETF.
>
>Now, we seek to schedule a WG-forming BoF session during IETF 83 in Paris.
> As a WG-forming BoF, we will be discussing a charter, potential drafts,
>and other important aspects concerning the possible move of security
>automation development to the IETF.
>
>I invite all vendors, government representatives, specification authors
>and contributors to engage in a discussion on the scap_interest list (to
>subscribe visit: https://www.ietf.org/mailman/listinfo/scap_interest).
>Such discussion should occur before IETF 83 and cover what moving security
>automation development to the IETF would mean, how a WG might be
>structured, what a charter might look like, which specifications should be
>first drafted, what pieces are missing, and how continuous monitoring
>might additionally be included.
>
>IT IS IMPORTANT THAT BOF-RELATED DISCUSSIONS BE CONDUCTED ON THE
>SCAP_INTEREST MAILING LIST AND NOT ON INDIVIDUAL SPECIFICATION DEVELOPMENT
>LISTS.
>
>The following are areas of concern (in addition to what already exists in
>the security automation domain today) we believe would be suitable for
>furthering the security automation efforts on a global scale:
>
>  * XCCDF 1.2.1
>    * Alternate checking systems
>    * Targeting and scheduling for interrogative checking systems
>  * Security automation core elements
>  * Risk scoring normalization and unification
>
>NOTE: I originally sent this with multiple recipients, but that message
>was held for moderation.  I'm "reposting" the message without the
>additional recipients.
>
>Regards,
>
>Adam W. Montville | Security and Compliance Architect
>
>Direct: 503 276-7661
>Mobile: 360 471-7815
>
>TRIPWIRE | Take CONTROL
>http://www.tripwire.com
>
>
>
>
>_______________________________________________
>scap_interest mailing list
>[hidden email]
>https://www.ietf.org/mailman/listinfo/scap_interest


Attachment: SCAP-executive_recommendation_letter.pdf (45K)