All:

You may recall that in November 2010 an IETF BoF was held with the goal of introducing the IETF community to SCAP and, ultimately, to consider 1) whether the technology was mature enough for standardization, and 2) whether such standardization should take place under the auspices of the IETF.

On February 10, 2012 a Vendor Letter - signed by 16 executive-level representatives - was sent to various SCAP stakeholders at NIST, DHS, NCSC, and other US Government agencies. The Vendor Letter (attached) demonstrates a significant level of support among vendors for moving security automation development to the IETF.

Now, we seek to schedule a WG-forming BoF session during IETF 83 in Paris. As a WG-forming BoF, we will be discussing a charter, potential drafts, and other important aspects concerning the possible move of security automation development to the IETF.

I invite all vendors, government representatives, specification authors and contributors to engage in a discussion on the scap_interest list (to subscribe visit: https://www.ietf.org/mailman/listinfo/scap_interest). Such discussion should occur before IETF 83 and cover what moving security automation development to the IETF would mean, how a WG might be structured, what a charter might look like, which specifications should be first drafted, what pieces are missing, and how continuous monitoring might additionally be included.

IT IS IMPORTANT THAT BOF-RELATED DISCUSSIONS BE CONDUCTED ON THE SCAP_INTEREST MAILING LIST AND NOT ON INDIVIDUAL SPECIFICATION DEVELOPMENT LISTS.

The following are areas of concern (in addition to what already exists in the security automation domain today) we believe would be suitable for furthering the security automation efforts on a global scale:

 * XCCDF 1.2.1
 * Alternate checking systems
 * Targeting and scheduling for interrogative checking systems
 * Security automation core elements
 * Risk scoring normalization and unification

Finally, if you believe this message should be forwarded to additional communities of interest, please do so (I may have missed a few).

Regards,

Adam W. Montville | Security and Compliance Architect

Direct: 503 276-7661
Mobile: 360 471-7815

TRIPWIRE | Take CONTROL
http://www.tripwire.com

FYI
On 2/13/12 2:16 PM, "Adam Montville" <[hidden email]> wrote:

>All:
>
>You may recall that in November 2010 an IETF BoF was held with the goal of
>introducing the IETF community to SCAP and, ultimately, to consider 1)
>whether the technology was mature enough for standardization, and 2)
>whether such standardization should take place under the auspices of the
>IETF.
>
>On February 10, 2012 a Vendor Letter - signed by 16 executive-level
>representatives - was sent to various SCAP stakeholders at NIST, DHS,
>NCSC, and other US Government agencies. The Vendor Letter (attached)
>demonstrates a
>significant level of support among vendors for moving security automation
>development to the IETF.
>
>Now, we seek to schedule a WG-forming BoF session during IETF 83 in Paris.
> As a WG-forming BoF, we will be discussing a charter, potential drafts,
>and other important aspects concerning the possible move of security
>automation development to the IETF.
>
>I invite all vendors, government representatives, specification authors
>and contributors to engage in a discussion on the scap_interest list (to
>subscribe visit: https://www.ietf.org/mailman/listinfo/scap_interest).
>Such discussion should occur before IETF 83 and cover what moving security
>automation development to the IETF would mean, how a WG might be
>structured, what a charter might look like, which specifications should be
>first drafted, what pieces are missing, and how continuous monitoring
>might additionally be included.
>
>IT IS IMPORTANT THAT BOF-RELATED DISCUSSIONS BE CONDUCTED ON THE
>SCAP_INTEREST MAILING LIST AND NOT ON INDIVIDUAL SPECIFICATION DEVELOPMENT
>LISTS.
>
>The following are areas of concern (in addition to what already exists in
>the security automation domain today) we believe would be suitable for
>furthering the security automation efforts on a global scale:
>
> * XCCDF 1.2.1
> * Alternate checking systems
> * Targeting and scheduling for interrogative checking systems
> * Security automation core elements
> * Risk scoring normalization and unification
>
>NOTE: I originally sent this with multiple recipients, but that message
>was held for moderation. I'm "reposting" the message without the
>additional recipients.
>
>Regards,
>
>Adam W. Montville | Security and Compliance Architect
>
>Direct: 503 276-7661
>Mobile: 360 471-7815
>
>TRIPWIRE | Take CONTROL
>http://www.tripwire.com
>
>_______________________________________________
>scap_interest mailing list
>[hidden email]
>https://www.ietf.org/mailman/listinfo/scap_interest

In reply to this post by Adam Montville
FYI
On 2/13/12 2:16 PM, "Adam Montville" <[hidden email]> wrote:

>All:
>
>You may recall that in November 2010 an IETF BoF was held with the goal of
>introducing the IETF community to SCAP and, ultimately, to consider 1)
>whether the technology was mature enough for standardization, and 2)
>whether such standardization should take place under the auspices of the
>IETF.
>
>On February 10, 2012 a Vendor Letter - signed by 16 executive-level
>representatives - was sent to various SCAP stakeholders at NIST, DHS,
>NCSC, and other US Government agencies. The Vendor Letter (attached)
>demonstrates a
>significant level of support among vendors for moving security automation
>development to the IETF.
>
>Now, we seek to schedule a WG-forming BoF session during IETF 83 in Paris.
> As a WG-forming BoF, we will be discussing a charter, potential drafts,
>and other important aspects concerning the possible move of security
>automation development to the IETF.
>
>I invite all vendors, government representatives, specification authors
>and contributors to engage in a discussion on the scap_interest list (to
>subscribe visit: https://www.ietf.org/mailman/listinfo/scap_interest).
>Such discussion should occur before IETF 83 and cover what moving security
>automation development to the IETF would mean, how a WG might be
>structured, what a charter might look like, which specifications should be
>first drafted, what pieces are missing, and how continuous monitoring
>might additionally be included.
>
>IT IS IMPORTANT THAT BOF-RELATED DISCUSSIONS BE CONDUCTED ON THE
>SCAP_INTEREST MAILING LIST AND NOT ON INDIVIDUAL SPECIFICATION DEVELOPMENT
>LISTS.
>
>The following are areas of concern (in addition to what already exists in
>the security automation domain today) we believe would be suitable for
>furthering the security automation efforts on a global scale:
>
> * XCCDF 1.2.1
> * Alternate checking systems
> * Targeting and scheduling for interrogative checking systems
> * Security automation core elements
> * Risk scoring normalization and unification
>
>Finally, if you believe this message should be forwarded to additional
>communities of interest, please do so (I may have missed a few).
>
>Regards,
>
>Adam W. Montville | Security and Compliance Architect
>
>Direct: 503 276-7661
>Mobile: 360 471-7815
>
>TRIPWIRE | Take CONTROL
>http://www.tripwire.com