IETF 83 Birds of a Feather Session Preparation

>All:
>
>You may recall that in November 2010 an IETF BoF was held with the goal of
>introducing the IETF community to SCAP and, ultimately, to consider 1)
>whether the technology was mature enough for standardization, and 2)
>whether such standardization should take place under the auspices of the
>IETF.
>
>On February 10, 2012 a Vendor Letter - signed by 16 executive-level
>representatives - was sent to various SCAP stakeholders at NIST, DHS,
>NCSC, and other US Government agencies.  The Vendor Letter (attached)
>demonstrates a
>significant level of support among vendors for moving security automation
>development to the IETF.
>
>Now, we seek to schedule a WG-forming BoF session during IETF 83 in Paris.
> As a WG-forming BoF, we will be discussing a charter, potential drafts,
>and other important aspects concerning the possible move of security
>automation development to the IETF.
>
>I invite all vendors, government representatives, specification authors
>and contributors to engage in a discussion on the scap_interest list (to
>subscribe visit: https://www.ietf.org/mailman/listinfo/scap_interest).
>Such discussion should occur before IETF 83 and cover what moving security
>automation development to the IETF would mean, how a WG might be
>structured, what a charter might look like, which specifications should be
>first drafted, what pieces are missing, and how continuous monitoring
>might additionally be included.
>
>IT IS IMPORTANT THAT BOF-RELATED DISCUSSIONS BE CONDUCTED ON THE
>SCAP_INTEREST MAILING LIST AND NOT ON INDIVIDUAL SPECIFICATION DEVELOPMENT
>LISTS.
>
>The following are areas of concern (in addition to what already exists in
>the security automation domain today) we believe would be suitable for
>furthering the security automation efforts on a global scale:
>
>  * XCCDF 1.2.1
>    * Alternate checking systems
>    * Targeting and scheduling for interrogative checking systems
>  * Security automation core elements
>  * Risk scoring normalization and unification
>
>NOTE: I originally sent this with multiple recipients, but that message
>was held for moderation.  I'm "reposting" the message without the
>additional recipients.
>
>Regards,
>
>Adam W. Montville | Security and Compliance Architect
>
>Direct: 503 276-7661
>Mobile: 360 471-7815
>
>TRIPWIRE | Take CONTROL
>http://www.tripwire.com
>
>
>
>
>_______________________________________________
>scap_interest mailing list
>[hidden email]
>https://www.ietf.org/mailman/listinfo/scap_interest

>All:
>
>You may recall that in November 2010 an IETF BoF was held with the goal of
>introducing the IETF community to SCAP and, ultimately, to consider 1)
>whether the technology was mature enough for standardization, and 2)
>whether such standardization should take place under the auspices of the
>IETF.
>
>On February 10, 2012 a Vendor Letter - signed by 16 executive-level
>representatives - was sent to various SCAP stakeholders at NIST, DHS,
>NCSC, and other US Government agencies.  The Vendor Letter (attached)
>demonstrates a
>significant level of support among vendors for moving security automation
>development to the IETF.
>
>Now, we seek to schedule a WG-forming BoF session during IETF 83 in Paris.
> As a WG-forming BoF, we will be discussing a charter, potential drafts,
>and other important aspects concerning the possible move of security
>automation development to the IETF.
>
>I invite all vendors, government representatives, specification authors
>and contributors to engage in a discussion on the scap_interest list (to
>subscribe visit: https://www.ietf.org/mailman/listinfo/scap_interest).
>Such discussion should occur before IETF 83 and cover what moving security
>automation development to the IETF would mean, how a WG might be
>structured, what a charter might look like, which specifications should be
>first drafted, what pieces are missing, and how continuous monitoring
>might additionally be included.
>
>IT IS IMPORTANT THAT BOF-RELATED DISCUSSIONS BE CONDUCTED ON THE
>SCAP_INTEREST MAILING LIST AND NOT ON INDIVIDUAL SPECIFICATION DEVELOPMENT
>LISTS.
>
>The following are areas of concern (in addition to what already exists in
>the security automation domain today) we believe would be suitable for
>furthering the security automation efforts on a global scale:
>
>  * XCCDF 1.2.1
>    * Alternate checking systems
>    * Targeting and scheduling for interrogative checking systems
>  * Security automation core elements
>  * Risk scoring normalization and unification
>
>Finally, if you believe this message should be forwarded to additional
>communities of interest, please do so (I may have missed a few).
>
>Regards,
>
>Adam W. Montville | Security and Compliance Architect
>
>Direct: 503 276-7661
>Mobile: 360 471-7815
>
>TRIPWIRE | Take CONTROL
>http://www.tripwire.com
>
>
>
>