Re: [scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation

Sean Turner <> Wed, 20 October 2010 21:18 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7A2E43A67FB for <>; Wed, 20 Oct 2010 14:18:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.598
X-Spam-Status: No, score=-102.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id kKxVjpKUTGMZ for <>; Wed, 20 Oct 2010 14:18:11 -0700 (PDT)
Received: from ( []) by (Postfix) with SMTP id 8769C3A681E for <>; Wed, 20 Oct 2010 14:18:10 -0700 (PDT)
Received: from [] by with NNFMP; 20 Oct 2010 21:19:41 -0000
Received: from [] by with NNFMP; 20 Oct 2010 21:19:41 -0000
Received: from [] by with NNFMP; 20 Oct 2010 21:19:40 -0000
Received: (qmail 65519 invoked from network); 20 Oct 2010 20:48:08 -0000
Received: from thunderfish.local (turners@ with plain) by with SMTP; 20 Oct 2010 13:48:08 -0700 PDT
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
X-YMail-OSG: 1Biik5cVM1mZu_V9txW556p9YKJerYHWvGINv8clP2HRl5O .CS8fbZZVyogMcG_osi6Y4LrhhjeT0sdr8LkfDT0DJLjvuD0xiij5vuDvAxp CGfn99QGdQsixQJeTpOomxskGc3aVONsRvQjkGc_4nO4ZCZRU64Xyq7IVG.Z 33LI7wMNbDqY1Ftda.mV_ZfdfGimlhTTrTpb7qBQT
X-Yahoo-Newman-Property: ymail-3
Message-ID: <>
Date: Wed, 20 Oct 2010 16:48:09 -0400
From: Sean Turner <>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv: Gecko/20101013 Lightning/1.0b2 Thunderbird/3.1.5
MIME-Version: 1.0
References: <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Malcolm Johnson <>,
Subject: Re: [scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 20 Oct 2010 21:18:14 -0000

Also note that there is the following draft:


On 10/20/10 4:30 PM, Tony Rutkowski wrote:
> Dear all,
> At the ITU-T cybersecurity standards group (Q4/17)
> interim meeting in Tokyo last week, the participants
> noted the new effort to introduce into the IETF some of
> the systems assurance standards under the general aegis
> the SCAP BOF and this interest list.
> An effort leveraging the same concepts and underlying
> standardization work was started within the ITU-T last
> year among an array of industry and government
> participants and organizations for outlining ways of
> sharing and exchanging structured information, that is
> called the Cybersecurity Information Exchange Framework
> or CYBEX for short. CYBEX identified the entire array
> of information assurance, incident response, forensics
> and trust specifications - most of which were in use or
> under development in the respective communities - as
> part of this Framework. The CYBEX framework is
> scheduled for approval as as Recommendation ITU-T
> X.1500, together with CVE and CVSS as X.1520 and X.1521
> respectively. Many others are in various stages of
> maturity. The editors of X.1500 include US DHS,
> Japan's NICT, MITRE, Microsoft, FIRST, Cisco, and Yaana
> Technologies.
> Part of that framework of course includes the use of
> security automation schemas such as SCAP as a means
> to facilitate systems, services, devices of all kinds
> to make them "measurably" secure as to potential
> vulnerabilities and threats. The U.S. federal
> system implementation of SCAP is included as an
> example in the X.1500 appendix, as is a similar
> implementation in Japan known as JVN.
> The vision includes the potential development, use, and
> evolution of innumerable numbers of public and private
> security automation schemas for innumerable systems,
> services, and devices - similar in many ways to the
> deployment of network management MIBs over the past 25
> years. The IETF is one of many standards bodies that
> should be developing security content automation schemas,
> and the BOF list plus a scheduled event at the upcoming
> Beijing IETF meeting next month is an important step in
> that direction.
> This development was discussed at some length at the
> Tokyo Interim Meeting and there was significant
> enthusiasm for working with IETF (and many other
> standards bodies) in developing these implementations
> for their standards based protocols and services.
> Also demonstrated in Tokyo was the rather remarkable
> work demonstrated by the Japan network security
> community of a RDF-based discovery mechanism for CYBEX
> should be an essential mechanism for enabling use of
> all the many distributed instances of security
> automation schema. The platform is part of a CYBEX
> discovery specification designated X.cybex-discovery.
> In addition, an entire new OID Arc 2.48 has been
> allocated for cybersecurity information exchange
> structured identity purposes.
> Dr. Takehashi of NICT, as well as Q4/17 associate
> rapporteur Dr. Kadobayashi of NAIST, who have been
> developing CYBEX related concepts, tools, and
> implementations within Japan's ICT security
> community, will be present in Beijing for the IETF
> meeting, and we hope can contribute to the SCAP BOF.
> An introduction to CYBEX is attached that was presented
> last week to the Japan ICT security technical community
> hosted by ISOG-J prior to the ITU-T Interim Meeting.
> --tony rutkowski, ITU-T Q.4/17 (cybersecurity) Rapporteur
> _______________________________________________
> scap_interest mailing list