[scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation
Tony Rutkowski <tony@yaanatech.com> Wed, 20 October 2010 20:29 UTC
Message-ID: <4CBF515C.4090507@yaanatech.com>
Date: Wed, 20 Oct 2010 16:30:20 -0400
From: Tony Rutkowski <tony@yaanatech.com>
Organization: Yaana Technologies
To: scap_interest@ietf.org
Cc: Malcolm Johnson <Malcolm.Johnson@itu.int>, Kent_Landfield@McAfee.com
Subject: [scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation

Dear all,

At the ITU-T cybersecurity standards group (Q4/17) interim meeting in Tokyo last week, the participants noted the new effort to introduce into the IETF some of the systems assurance standards under the general aegis of the SCAP BOF and this interest list. An effort leveraging the same concepts and underlying standardization work was started within the ITU-T last year among an array of industry and government participants and organizations for outlining ways of sharing and exchanging structured information, that is called the Cybersecurity Information Exchange Framework or CYBEX for short.

CYBEX identified the entire array of information assurance, incident response, forensics and trust specifications - most of which were in use or under development in the respective communities - as part of this Framework. The CYBEX framework is scheduled for approval as Recommendation ITU-T X.1500, together with CVE and CVSS as X.1520 and X.1521 respectively. Many others are in various stages of maturity. The editors of X.1500 include US DHS, Japan's NICT, MITRE, Microsoft, FIRST, Cisco, and Yaana Technologies.

Part of that framework of course includes the use of security automation schemas such as SCAP as a means to facilitate systems, services, devices of all kinds to make them "measurably" secure as to potential vulnerabilities and threats. The U.S. federal system implementation of SCAP is included as an example in the X.1500 appendix, as is a similar implementation in Japan known as JVN. The vision includes the potential development, use, and evolution of innumerable numbers of public and private security automation schemas for innumerable systems, services, and devices - similar in many ways to the deployment of network management MIBs over the past 25 years.

The IETF is one of many standards bodies that should be developing security content automation schemas, and the BOF list plus a scheduled event at the upcoming Beijing IETF meeting next month is an important step in that direction. This development was discussed at some length at the Tokyo Interim Meeting and there was significant enthusiasm for working with IETF (and many other standards bodies) in developing these implementations for their standards-based protocols and services.

Also demonstrated in Tokyo was the rather remarkable work demonstrated by the Japan network security community of an RDF-based discovery mechanism for CYBEX that should be an essential mechanism for enabling use of all the many distributed instances of security automation schema. The platform is part of a CYBEX discovery specification designated X.cybex-discovery. In addition, an entire new OID Arc 2.48 has been allocated for cybersecurity information exchange structured identity purposes.

Dr. Takehashi of NICT, as well as Q4/17 associate rapporteur Dr. Kadobayashi of NAIST, who have been developing CYBEX-related concepts, tools, and implementations within Japan's ICT security community, will be present in Beijing for the IETF meeting, and we hope can contribute to the SCAP BOF.

An introduction to CYBEX is attached that was presented last week to the Japan ICT security technical community hosted by ISOG-J prior to the ITU-T Interim Meeting.

--tony rutkowski,
ITU-T Q.4/17 (cybersecurity) Rapporteur