IETF Logo Mail Archive

Re: [sacm] FOR REVIEW: Vulnerability Assessment Scenario Issue #1 - Managing Terminology

"Haynes, Dan" <dhaynes@mitre.org> Thu, 30 June 2016 20:16 UTC

Return-Path: <dhaynes@mitre.org>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 168BD12D0ED for <sacm@ietfa.amsl.com>; Thu, 30 Jun 2016 13:16:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.626
X-Spam-Level:
X-Spam-Status: No, score=-5.626 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WalgqXapJLJY for <sacm@ietfa.amsl.com>; Thu, 30 Jun 2016 13:16:36 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (smtpvmsrv1.mitre.org [192.52.194.136]) by ietfa.amsl.com (Postfix) with ESMTP id 647CB12B01C for <sacm@ietf.org>; Thu, 30 Jun 2016 13:16:36 -0700 (PDT)
Received: from smtpvmsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 516746C06C4; Thu, 30 Jun 2016 16:16:35 -0400 (EDT)
Received: from imshyb01.MITRE.ORG (imshyb01.mitre.org [129.83.29.2]) by smtpvmsrv1.mitre.org (Postfix) with ESMTP id 429D96C02FC; Thu, 30 Jun 2016 16:16:35 -0400 (EDT)
Received: from imshyb02.MITRE.ORG (129.83.29.3) by imshyb01.MITRE.ORG (129.83.29.2) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Thu, 30 Jun 2016 16:16:34 -0400
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (10.140.19.249) by imshyb02.MITRE.ORG (129.83.29.3) with Microsoft SMTP Server (TLS) id 15.0.1130.7 via Frontend Transport; Thu, 30 Jun 2016 16:16:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.onmicrosoft.com; s=selector1-mitre-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=DjuH6RcjbunbGcKProsfvX2YawdfK+mKCJL1gn0kovE=; b=uDHSoGFexThztLruaMK92I1pNKIGE6ds/7SaNi89/+PthJMlWzMuCe+8D+vQSxvL2eiAg1TPXafjOCfXEuRt77lV61f1AhIw72mTu1YRyj8m4tglChItvW7JjUfUbBgUadH6HlrsM9Tq9EkuRg1jPHrdSPrs9Nsj7P7OuFGCMB0=
Received: from BY2PR09MB1078.namprd09.prod.outlook.com (10.166.116.10) by BY2PR09MB1077.namprd09.prod.outlook.com (10.166.116.9) with Microsoft SMTP Server (TLS) id 15.1.523.12; Thu, 30 Jun 2016 20:16:28 +0000
Received: from BY2PR09MB1078.namprd09.prod.outlook.com ([10.166.116.10]) by BY2PR09MB1078.namprd09.prod.outlook.com ([10.166.116.10]) with mapi id 15.01.0523.024; Thu, 30 Jun 2016 20:16:28 +0000
From: "Haynes, Dan" <dhaynes@mitre.org>
To: Jerome Athias <athiasjerome@gmail.com>
Thread-Topic: [sacm] FOR REVIEW: Vulnerability Assessment Scenario Issue #1 - Managing Terminology
Thread-Index: AdGwZ0CBNxGcgzSeTTCG3Pz7mH3peQBw8vKAAOGJYjABcVqTUACVaOWAAKQu1aABNm1cgAN1C0qg
Date: Thu, 30 Jun 2016 20:16:28 +0000
Message-ID: <BY2PR09MB1078AEF51612150472DCB33DA5240@BY2PR09MB1078.namprd09.prod.outlook.com>
References: <BY2PR09MB1078B0A7E6D0619AE9691149A5480@BY2PR09MB1078.namprd09.prod.outlook.com> <D894CBB7-B2B2-4A78-A1BD-B8F5CD104B03@gmail.com> <BY2PR09MB10786422A2275AB93A580663A54F0@BY2PR09MB1078.namprd09.prod.outlook.com> <BY2PR09MB107805B9E5DF0CD070296E6DA5460@BY2PR09MB1078.namprd09.prod.outlook.com> <5751D73F.3060000@sit.fraunhofer.de> <BY2PR09MB10785D4627A83F68049416C1A55D0@BY2PR09MB1078.namprd09.prod.outlook.com> <CAA=AuEcHKw0+6Yn3PmhOXxZe816U3cT7unLMXg9D7v1_ZDBn2Q@mail.gmail.com>
In-Reply-To: <CAA=AuEcHKw0+6Yn3PmhOXxZe816U3cT7unLMXg9D7v1_ZDBn2Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dhaynes@mitre.org;
x-originating-ip: [192.160.51.89]
x-ms-office365-filtering-correlation-id: 0a865b49-d927-4735-c8f2-08d3a1236b62
x-microsoft-exchange-diagnostics: 1; BY2PR09MB1077; 6:zY5e0CPInSdQjT22BrqCjpReFGs2+tI8hbSW+bTma3f+h0LWfwqDHWgjAwllxll6+f9vgCLe5SLOK+QD8zeQNLnSX5n1J71Et+lwpGC8hytza/7ugVm3reJA5HOd7xE85ZvnJoNDKFwunew+AqgIN/6M2aP72v24tY2P1OfatGl9+5okmzILiTD4PkbZUBBG5w3T1ecFTjLsyWucviPEB6MHybG5AkREhunpACEBhwbuYJo73SzPPp9OlWDjah1sxxIkYF0WuXV4FVQ4CGPlLyfSlOFO6KJc1C9E9OvRA7ImwT+GdCF8C81oXL3xKoQajuRwrAqMxni7Uzj1nYMOrwZB4GjgtchH/hfYcPw/BgI=; 5:0bZRLGiYyNrgY76lX5Z3cu/D8smhQsybgzrhQ2oJDM2fOPLFpytaKdJz7fmV4EeAo58alf+0fbl8Uf4ZSEJOI5QDYgfpOadWPt7pe3Cf/rU4hl3eD3s9KT7VkmBBsyI3wZbz42V7GpEyMKk/odFOJw==; 24:rhnRpgEKR1ccVJZK2oeqEHD8o0ViPwPSvC0NKb86fYetgZzd2xejpTBshw3usI6bbBBAxdU0sedRmbjsVH+9YinGKM1JEZgLAQ9GuWEwnQw=; 7:PTNWn7RmmTx9+SurQW2PF6iNDtjxZhpzyMsefIqgB8J0M/z+UbR9XSg7vXTPzc3UDI7yUDyMmcK51I/YXtkHkWr6btgKvKBJ5GMX2Mcna+WsyX4XjbBA5+nKFoJrm/Wy466LytKDzu76nKSVNrR6Vc6CvY/2d4OFNDukRu9H8z2rWO6hPhlHdCxmBldxYcg/fAl4r4NklWSCaxAqTEhSo2VfLmDlQXdzrpfXfrtz4j9nyaNdcp5Hc656RlP06LpEx2T/QkNR7ZR2ZXn86pY2og==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR09MB1077;
x-microsoft-antispam-prvs: <BY2PR09MB10774BF543A50525DFA51CEEA5240@BY2PR09MB1077.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(120809045254105)(192374486261705)(271806183753584)(100405760836317);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026); SRVR:BY2PR09MB1077; BCL:0; PCL:0; RULEID:; SRVR:BY2PR09MB1077;
x-forefront-prvs: 0989A7979C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(51694002)(189002)(377454003)(5383002)(13464003)(52564003)(199003)(101416001)(189998001)(10400500002)(586003)(105586002)(5002640100001)(110136002)(86362001)(50986999)(106356001)(76576001)(3280700002)(3660700001)(102836003)(97736004)(122556002)(8676002)(19580395003)(19580405001)(3846002)(81156014)(81166006)(6116002)(54356999)(76176999)(1411001)(4326007)(2906002)(9686002)(68736007)(99286002)(7846002)(15975445007)(7696003)(93886004)(8936002)(11100500001)(33656002)(92566002)(2900100001)(2950100001)(305945005)(87936001)(77096005)(5003600100003)(66066001)(7736002)(74316002)(17413003); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR09MB1077; H:BY2PR09MB1078.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: mitre.org does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jun 2016 20:16:28.3672 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR09MB1077
X-OriginatorOrg: mitre.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/AlBUFzhdC8WdUgcjJaYD64lRLXI>
Cc: "sacm@ietf.org" <sacm@ietf.org>
Subject: Re: [sacm] FOR REVIEW: Vulnerability Assessment Scenario Issue #1 - Managing Terminology
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2016 20:16:39 -0000

I just wanted to follow on this thread.  Based on the 6/15 virtual interim meeting [1], there seemed to be consensus that we would leave the terms from the Vulnerability Assessment Scenario I-D [2] as well as include them in the Terminology I-D [3].  The reasoning behind this was:

 1) Terms would be included in the Vulnerability Assessment Scenario I-D for improved-readability (don't need to keep looking at Terminology I-D to know what the terms mean)
 2) Terms would be included in the Terminology I-D to capture the WG's thinking at a specific point in time as well as enable the use of the terms in other I-Ds where appropriate

Does this approach reasonable to others?  Are there any major objections?  Please let me know by next Wednesday July 6th.

Thanks,

Danny

[1] https://www.ietf.org/proceedings/interim-2016-sacm-04/minutes/minutes-interim-2016-sacm-4
[2] https://datatracker.ietf.org/doc/draft-ietf-sacm-vuln-scenario/
[3] https://datatracker.ietf.org/doc/draft-ietf-sacm-terminology/

> -----Original Message-----
> From: Jerome Athias [mailto:athiasjerome@gmail.com]
> Sent: Monday, June 13, 2016 1:45 AM
> To: Haynes, Dan <dhaynes@mitre.org>
> Cc: sacm@ietf.org
> Subject: Re: [sacm] FOR REVIEW: Vulnerability Assessment Scenario Issue #1
> - Managing Terminology
> 
> Hi,
> 
> 7) "Workflow or process engine" would, IMHO, be ITIL compliant
> 
> 
> "More likely they would be using the Critical Security Controls framework."
> Right, I understand this statement in a maturity level context, etc.
> (I appreciate a lot the CSC, and its usage in SACM) I'm just thinking about
> providing metrics from SACM (to be aligned with strategic levels) But I don't
> want to add 'complexity'
> 
> Regards

v2.23.0 | Report a Bug | By Email