[scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation

Tony Rutkowski <tony@yaanatech.com> Wed, 20 October 2010 20:29 UTC

Return-Path: <tony@yaanatech.com>
X-Original-To: scap_interest@core3.amsl.com
Delivered-To: scap_interest@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id C30483A6933 for <scap_interest@core3.amsl.com>; Wed, 20 Oct 2010 13:29:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id jz66gNRD8XYa for <scap_interest@core3.amsl.com>; Wed, 20 Oct 2010 13:29:11 -0700 (PDT)
Received: from webmail.yaanatech.com (server1.yaanatech.com []) by core3.amsl.com (Postfix) with ESMTP id 13B953A6911 for <scap_interest@ietf.org>; Wed, 20 Oct 2010 13:29:09 -0700 (PDT)
Received: from [] (pool-71-171-109-164.clppva.fios.verizon.net []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by webmail.yaanatech.com (Postfix) with ESMTP id 07DFC1C78192; Wed, 20 Oct 2010 13:30:42 -0700 (PDT)
Message-ID: <4CBF515C.4090507@yaanatech.com>
Date: Wed, 20 Oct 2010 16:30:20 -0400
From: Tony Rutkowski <tony@yaanatech.com>
Organization: Yaana Technologies
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv: Gecko/20100831 Lanikai/3.1.2
MIME-Version: 1.0
To: scap_interest@ietf.org
Content-Type: multipart/mixed; boundary="------------040605030202070107010401"
Cc: Malcolm Johnson <Malcolm.Johnson@itu.int>, Kent_Landfield@McAfee.com
Subject: [scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation
X-BeenThere: scap_interest@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: tony@yaanatech.com
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <scap_interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scap_interest>
List-Post: <mailto:scap_interest@ietf.org>
List-Help: <mailto:scap_interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Oct 2010 20:29:12 -0000

  Dear all,

At the ITU-T cybersecurity standards group (Q4/17)
interim meeting in Tokyo last week, the participants
noted the new effort to introduce into the IETF some of
the systems assurance standards under the general aegis
the SCAP BOF and this interest list.

An effort leveraging the same concepts and underlying
standardization work was started within the ITU-T last
year among an array of industry and government
participants and organizations for outlining ways of
sharing and exchanging structured information, that is
called the Cybersecurity Information Exchange Framework
or CYBEX for short.  CYBEX identified the entire array
of information assurance, incident response, forensics
and trust specifications - most of which were in use or
under development in the respective communities - as
part of this Framework.   The CYBEX framework is
scheduled for approval as as Recommendation ITU-T
X.1500, together with CVE and CVSS as X.1520 and X.1521
respectively.  Many others are in various stages of
maturity.  The editors of X.1500 include US DHS,
Japan's NICT, MITRE, Microsoft, FIRST, Cisco, and Yaana

Part of that framework of course includes the use of
security automation schemas such as SCAP as a means
to facilitate systems, services, devices of all kinds
to make them "measurably" secure as to potential
vulnerabilities and threats.  The U.S. federal
system implementation of SCAP is included as an
example in the X.1500 appendix, as is a similar
implementation in Japan known as JVN.

The vision includes the potential development, use, and
evolution of innumerable numbers of public and private
security automation schemas for innumerable systems,
services, and devices - similar in many ways to the
deployment of network management MIBs over the past 25
years.  The IETF is one of many standards bodies that
should be developing security content automation schemas,
and the BOF list plus a scheduled event at the upcoming
Beijing IETF meeting next month is an important step in
that direction.

This development was discussed at some length at the
Tokyo Interim Meeting and there was significant
enthusiasm for working with IETF (and many other
standards bodies) in developing these implementations
for their standards based protocols and services.
Also demonstrated in Tokyo was the rather remarkable
work demonstrated by the Japan network security
community of a RDF-based discovery mechanism for CYBEX
should be an essential mechanism for enabling use of
all the many distributed instances of security
automation schema.  The platform is part of a CYBEX
discovery specification designated X.cybex-discovery.
In addition, an entire new OID Arc 2.48 has been
allocated for cybersecurity information exchange
structured identity purposes.

Dr. Takehashi of NICT, as well as Q4/17 associate
rapporteur Dr. Kadobayashi of NAIST, who have been
developing CYBEX related concepts, tools, and
implementations within Japan's ICT security
community, will be present in Beijing for the IETF
meeting, and we hope can contribute to the SCAP BOF.

An introduction to CYBEX is attached that was presented
last week to the Japan ICT security technical community
hosted by ISOG-J prior to the ITU-T Interim Meeting.

--tony rutkowski, ITU-T Q.4/17 (cybersecurity) Rapporteur