Re: [sacm] Working Group Last Call for draft-ietf-sacm-vuln-scenario

["Wolfkiel, Joseph L CIV DISA ID (US)" <joseph.l.wolfkiel.civ@mail.mil>]

I did a run-through on the vulnerability scenario, which I sent to Danny last Friday.  I used comments and track changes in MS Word to annotate the document.  None of my comments are critical or meant to hold up the approval of the document.  This is a response to Danny's request for a quick review since I provided a bunch of comments earlier.

Joseph L. Wolfkiel
SCM Engineering Lead
DISA ID52
Fort Meade DISA Acquisiton Bldg Cube A4A58E
Work: (301) 225-8820
Gov Cell: (571) 814-8231
Joseph.L.Wolfkiel.civ@mail.mil



-----Original Message-----
From: Haynes, Dan [mailto:dhaynes@mitre.org] 
Sent: Monday, August 08, 2016 9:19 AM
To: Wolfkiel, Joseph L CIV DISA ID (US)
Subject: [Non-DoD Source] RE: [sacm] Working Group Last Call for draft-ietf-sacm-vuln-scenario

All active links contained in this email were disabled.  Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.  




----

Thanks Joe!  Do you mind sending your comments on the scenario to the list?

Thanks,

Danny

> -----Original Message-----
> From: Wolfkiel, Joseph L CIV DISA ID (US)
> [Caution-mailto:joseph.l.wolfkiel.civ@mail.mil]
> Sent: Friday, August 05, 2016 3:57 PM
> To: Haynes, Dan <dhaynes@mitre.org>
> Subject: RE:[sacm] Working Group Last Call for draft-ietf-sacm-vuln-scenario
>
> Here it is with more markups.  I'm not hard over on any of them, but you can
> look and decide which, if any, you want to address before going final.
>
> Since this is just "a" scenario, it's not quite as big a deal that it 
> doesn't match
> well with how I'm used to seeing vulnerability management activities
> conducted.
>
> In case you have some time, I've included a subset of the DoD draft
> vulnerability management publication that addresses vulnerability scanning
> and how it fits into our asset updating and maintenance process  (not for
> public release--I'm trying to get the FOUO disclaimer removed).  You can
> probably see that it doesn't match very well with the SACM scenario.  It 
> also
> doesn't match our current process, which somehow has gotten completely
> divorced from the patch management process and appears to be something
> of a self-licking ice cream cone.
>
> Joseph L. Wolfkiel
> SCM Engineering Lead
> DISA ID52
> Fort Meade DISA Acquisiton Bldg Cube A4A58E
> Work: (301) 225-8820
> Gov Cell: (571) 814-8231
> Joseph.L.Wolfkiel.civ@mail.mil
>
>
>
> -----Original Message-----
> From: Haynes, Dan [Caution-mailto:dhaynes@mitre.org]
> Sent: Thursday, August 04, 2016 3:55 PM
> To: Wolfkiel, Joseph L CIV DISA ID (US)
> Subject: RE: [Non-DoD Source] FW: [sacm] Working Group Last Call for draft-
> ietf-sacm-vuln-scenario
>
> All active links contained in this email were disabled. Please verify the
> identity of the sender, and confirm the authenticity of all links contained
> within the message prior to copying and pasting the address to a Web
> browser.
>
>
> ________________________________
>
>
>
>
> Thanks Joe!  Enjoy your time off!
>
>
>
> -Danny
>
>
>
> From: Wolfkiel, Joseph L CIV DISA ID (US) [Caution-
> Caution-mailto:joseph.l.wolfkiel.civ@mail.mil]
> Sent: Thursday, August 04, 2016 3:47 PM
> To: Haynes, Dan <dhaynes@mitre.org>
> Subject: Re: [Non-DoD Source] FW: [sacm] Working Group Last Call for draft-
> ietf-sacm-vuln-scenario
>
>
>
> I will try to read through and provide any comments when I am back in the
> office off leave tomorrow.
>
>
>
> Sent from my BlackBerry 10 smartphone.
>
> From:Haynes, Dan
>
> Sent:Thursday, August 4, 2016 11:44 AM
>
> To:Wolfkiel, Joseph L CIV DISA ID (US)
>
> Subject:[Non-DoD Source] FW: [sacm] Working Group Last Call for draft-ietf-
> sacm-vuln-scenario
>
>
>
> All active links contained in this email were disabled. Please verify the
> identity of the sender, and confirm the authenticity of all links contained
> within the message prior to copying and pasting the address to a Web
> browser.
>
> ________________________________
>
>
>
> Hi Joe,
>
>
>
> Given that you had a lot of good feedback on the original draft, I wanted to
> reach out and see if you had a chance to review the latest version.  If you
> have any feedback or if you think it is good to go, please reply to Adam's
> message below on list.  The working group chairs are trying to get any
> remaining feedback and determine if it can be submitted to the IESG for
> review and publication.
>
>
>
> Thanks,
>
> Danny
>
>
>
> From: sacm [Caution-Caution-Caution-mailto:sacm-bounces@ietf.org]On Behalf
> OfAdam Montville
> Sent: Monday, August 01, 2016 5:48 PM
> To: <sacm@ietf.org < Caution-Caution-mailto:sacm@ietf.org > > <sacm@ietf.org <
> Caution-Caution-mailto:sacm@ietf.org > >
> Subject: Re: [sacm] Working Group Last Call for 
> draft-ietf-sacm-vuln-scenario
>
>
>
> All:
>
>
>
> This is a reminder on this WGLC.  Please provide your input in favor or
> against.  I'm surprised no one has yet chimed in.
>
>
>
> Kind regards,
>
>
>
> Adam
>
>
>
> 	On Jul 28, 2016, at 10:20 AM, Adam Montville
> <adam.w.montville@gmail.com < Caution-Caution-
> Caution-mailto:adam.w.montville@gmail.com  < Caution-
> Caution-mailto:adam.w.montville@gmail.com %3c Caution-Caution-
> Caution-mailto:adam.w.montville@gmail.com  > > > wrote:
>
>
>
> 	This message starts a Working Group Last Call for the Internet-Draft
> 'SACM Vulnerability Assessment Scenario' - Caution-Caution-
> Caution-https://datatracker.ietf.org/doc/draft-ietf-sacm-vuln-scenario/ < Caution-
> Caution-Caution-https://datatracker.ietf.org/doc/draft-ietf-sacm-vuln-scenario/ > .
> Please send your comments, questions, and edit proposals to the WG mail
> list until August 5, 2016.  If you believe the document is ready to be
> submitted to the IESG for consideration as an Informational RFC, please send
> a short message stating so.
>
>
>
> 	Kind regards,
>
>
>
> 	Adam
>
>