[saag] SACM BoF Summary

"Moriarty, Kathleen" <kathleen.moriarty@emc.com> Thu, 08 November 2012 18:58 UTC

Return-Path: <kathleen.moriarty@emc.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C466521F85CB for <saag@ietfa.amsl.com>; Thu, 8 Nov 2012 10:58:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.493
X-Spam-Level:
X-Spam-Status: No, score=-2.493 tagged_above=-999 required=5 tests=[AWL=0.106, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YFETmG455GXi for <saag@ietfa.amsl.com>; Thu, 8 Nov 2012 10:58:10 -0800 (PST)
Received: from mexforward.lss.emc.com (hop-nat-141.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id 1EDDF21F85B1 for <saag@ietf.org>; Thu, 8 Nov 2012 10:58:09 -0800 (PST)
Received: from hop04-l1d11-si02.isus.emc.com (HOP04-L1D11-SI02.isus.emc.com [10.254.111.55]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id qA8Iw9eb030185 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <saag@ietf.org>; Thu, 8 Nov 2012 13:58:09 -0500
Received: from mailhub.lss.emc.com (mailhubhoprd04.lss.emc.com [10.254.222.226]) by hop04-l1d11-si02.isus.emc.com (RSA Interceptor) for <saag@ietf.org>; Thu, 8 Nov 2012 13:57:59 -0500
Received: from mxhub10.corp.emc.com (mxhub10.corp.emc.com [10.254.92.105]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id qA8IvuHG029746 for <saag@ietf.org>; Thu, 8 Nov 2012 13:57:56 -0500
Received: from mx15a.corp.emc.com ([169.254.1.83]) by mxhub10.corp.emc.com ([10.254.92.105]) with mapi; Thu, 8 Nov 2012 13:57:56 -0500
From: "Moriarty, Kathleen" <kathleen.moriarty@emc.com>
To: "saag@ietf.org" <saag@ietf.org>
Date: Thu, 8 Nov 2012 13:57:56 -0500
Thread-Topic: SACM BoF Summary
Thread-Index: AQHNveL2gDmiDRcnVk2bmX+zkvkg9w==
Message-ID: <F5063677821E3B4F81ACFB7905573F24092B0360@MX15A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
Subject: [saag] SACM BoF Summary
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2012 18:58:10 -0000

SACM BoF -- Security Automation and Continuous Monitoring
Tuesday morning
BoF Chairs: Kathleen Moriarty & Dan Romascanu

The SACM BoF went very well, providing an overview of the problem space and proposed architecture for security automation and continuous monitoring (SACM).  The set of drafts presented included some that have been previously published through NIST and have been put into drafts.  The work includes formats and protocols to represent assets, assess systems, map them to policies, and report.

People mostly agree that the problem space is understood.
There were 10 people who said they were willing to be editors and about 17 reviewers.

The consensus was to start from requirements and then develop an architecture to explain how the use cases can be met.  The group has a fairly good understanding of the problem space, but needs to document this and present it more clearly with the requirements, then the architecture.  These steps need to happen to progress the work.

More detailed minutes should be posted soon.