Re: [scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation
Michael Chernin <mchernin@dtcc.com> Thu, 21 October 2010 17:00 UTC
Return-Path: <mchernin@dtcc.com>
X-Original-To: scap_interest@core3.amsl.com
Delivered-To: scap_interest@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D3F1D3A69F2 for <scap_interest@core3.amsl.com>; Thu, 21 Oct 2010 10:00:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PvmAOsIL9h9x for <scap_interest@core3.amsl.com>; Thu, 21 Oct 2010 10:00:29 -0700 (PDT)
Received: from sainet05.dtcc.com (sainet05.dtcc.com [207.45.43.101]) by core3.amsl.com (Postfix) with ESMTP id 1379D3A693B for <scap_interest@ietf.org>; Thu, 21 Oct 2010 10:00:27 -0700 (PDT)
In-Reply-To: <4CBF515C.4090507@yaanatech.com>
To: tony@yaanatech.com
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.4 CCH4 September 02, 2005
Message-ID: <OF067986D1.B61A5A12-ON852577C3.005C9E71-852577C3.005D8C79@dtcc.com>
From: Michael Chernin <mchernin@dtcc.com>
Date: Thu, 21 Oct 2010 13:01:47 -0400
X-MIMETrack: Serialize by Router on NAINET04/DTCC at 10/21/2010 01:01:55 PM
Content-Type: multipart/mixed; boundary="=_mixed 005D8C74852577C3_="
Cc: Malcolm Johnson <Malcolm.Johnson@itu.int>, scap_interest@ietf.org, Kent_Landfield@McAfee.com
Subject: Re: [scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation
X-BeenThere: scap_interest@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <scap_interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scap_interest>
List-Post: <mailto:scap_interest@ietf.org>
List-Help: <mailto:scap_interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Oct 2010 17:00:30 -0000
Tony - I am trying to wrap my head around the CYBEX standard. Is this standard creating new standards that replace existing SCAP standards ? Or is this standard using existing SCAP standards as it's core? Or does this standard simply not care what standard is being used at it's core, as long as its a standard? How does the CYBEX standard impact the SCAP interest list and SCAP's future with the IETF? I viewed the presentation that was attached, but it was difficult to determine the message without hearing the details that were given during the presentation. Aharon --------------------------------------------------- Michael "Aharon" Chernin Security Automation Program Manager Corporate Information Security -Depository Trust & Clearing Corporation mchernin@dtcc.com Tony Rutkowski <tony@yaanatech.com> Sent by: scap_interest-bounces@ietf.org 10/20/2010 04:30 PM Please respond to tony@yaanatech.com To scap_interest@ietf.org cc Malcolm Johnson <Malcolm.Johnson@itu.int>, Kent_Landfield@McAfee.com Subject [scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation Dear all, At the ITU-T cybersecurity standards group (Q4/17) interim meeting in Tokyo last week, the participants noted the new effort to introduce into the IETF some of the systems assurance standards under the general aegis the SCAP BOF and this interest list. An effort leveraging the same concepts and underlying standardization work was started within the ITU-T last year among an array of industry and government participants and organizations for outlining ways of sharing and exchanging structured information, that is called the Cybersecurity Information Exchange Framework or CYBEX for short. CYBEX identified the entire array of information assurance, incident response, forensics and trust specifications - most of which were in use or under development in the respective communities - as part of this Framework. The CYBEX framework is scheduled for approval as as Recommendation ITU-T X.1500, together with CVE and CVSS as X.1520 and X.1521 respectively. Many others are in various stages of maturity. The editors of X.1500 include US DHS, Japan's NICT, MITRE, Microsoft, FIRST, Cisco, and Yaana Technologies. Part of that framework of course includes the use of security automation schemas such as SCAP as a means to facilitate systems, services, devices of all kinds to make them "measurably" secure as to potential vulnerabilities and threats. The U.S. federal system implementation of SCAP is included as an example in the X.1500 appendix, as is a similar implementation in Japan known as JVN. The vision includes the potential development, use, and evolution of innumerable numbers of public and private security automation schemas for innumerable systems, services, and devices - similar in many ways to the deployment of network management MIBs over the past 25 years. The IETF is one of many standards bodies that should be developing security content automation schemas, and the BOF list plus a scheduled event at the upcoming Beijing IETF meeting next month is an important step in that direction. This development was discussed at some length at the Tokyo Interim Meeting and there was significant enthusiasm for working with IETF (and many other standards bodies) in developing these implementations for their standards based protocols and services. Also demonstrated in Tokyo was the rather remarkable work demonstrated by the Japan network security community of a RDF-based discovery mechanism for CYBEX should be an essential mechanism for enabling use of all the many distributed instances of security automation schema. The platform is part of a CYBEX discovery specification designated X.cybex-discovery. In addition, an entire new OID Arc 2.48 has been allocated for cybersecurity information exchange structured identity purposes. Dr. Takehashi of NICT, as well as Q4/17 associate rapporteur Dr. Kadobayashi of NAIST, who have been developing CYBEX related concepts, tools, and implementations within Japan's ICT security community, will be present in Beijing for the IETF meeting, and we hope can contribute to the SCAP BOF. An introduction to CYBEX is attached that was presented last week to the Japan ICT security technical community hosted by ISOG-J prior to the ITU-T Interim Meeting. --tony rutkowski, ITU-T Q.4/17 (cybersecurity) Rapporteur _______________________________________________ scap_interest mailing list scap_interest@ietf.org https://www.ietf.org/mailman/listinfo/scap_interest <BR>_____________________________________________________________ <FONT size=2><BR> DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.</FONT>
- [scap_interest] IETF SCAP and ITU-T CYBEX synergi… Tony Rutkowski
- Re: [scap_interest] IETF SCAP and ITU-T CYBEX syn… Sean Turner
- Re: [scap_interest] IETF SCAP and ITU-T CYBEX syn… Michael Chernin
- Re: [scap_interest] IETF SCAP and ITU-T CYBEX syn… Tony Rutkowski