Re: [scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation

Michael Chernin <> Thu, 21 October 2010 17:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D3F1D3A69F2 for <>; Thu, 21 Oct 2010 10:00:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PvmAOsIL9h9x for <>; Thu, 21 Oct 2010 10:00:29 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 1379D3A693B for <>; Thu, 21 Oct 2010 10:00:27 -0700 (PDT)
In-Reply-To: <>
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.4 CCH4 September 02, 2005
Message-ID: <>
From: Michael Chernin <>
Date: Thu, 21 Oct 2010 13:01:47 -0400
X-MIMETrack: Serialize by Router on NAINET04/DTCC at 10/21/2010 01:01:55 PM
Content-Type: multipart/mixed; boundary="=_mixed 005D8C74852577C3_="
Cc: Malcolm Johnson <>,,
Subject: Re: [scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 21 Oct 2010 17:00:30 -0000

Tony -

I am trying to wrap my head around the CYBEX standard. Is this standard 
creating new standards that replace existing SCAP standards ? Or is this 
standard using existing SCAP standards as it's core? Or does this standard 
simply not care what standard is being used at it's core, as long as its a 
standard? How does the CYBEX standard impact the SCAP interest list and 
SCAP's future with the IETF?

I viewed the presentation that was attached, but it was difficult to 
determine the message without hearing the details that were given during 
the presentation.

Michael "Aharon" Chernin
Security Automation Program Manager
Corporate Information Security -Depository Trust & Clearing Corporation

Tony Rutkowski <> 
Sent by:
10/20/2010 04:30 PM
Please respond to

Malcolm Johnson <>nt>,
[scap_interest] IETF SCAP and ITU-T CYBEX synergies and cooperation

Dear all,

At the ITU-T cybersecurity standards group (Q4/17)
interim meeting in Tokyo last week, the participants
noted the new effort to introduce into the IETF some of
the systems assurance standards under the general aegis
the SCAP BOF and this interest list.

An effort leveraging the same concepts and underlying
standardization work was started within the ITU-T last
year among an array of industry and government
participants and organizations for outlining ways of
sharing and exchanging structured information, that is
called the Cybersecurity Information Exchange Framework
or CYBEX for short.  CYBEX identified the entire array
of information assurance, incident response, forensics
and trust specifications - most of which were in use or
under development in the respective communities - as
part of this Framework.   The CYBEX framework is
scheduled for approval as as Recommendation ITU-T
X.1500, together with CVE and CVSS as X.1520 and X.1521
respectively.  Many others are in various stages of
maturity.  The editors of X.1500 include US DHS,
Japan's NICT, MITRE, Microsoft, FIRST, Cisco, and Yaana

Part of that framework of course includes the use of
security automation schemas such as SCAP as a means 
to facilitate systems, services, devices of all kinds 
to make them "measurably" secure as to potential 
vulnerabilities and threats.  The U.S. federal 
system implementation of SCAP is included as an
example in the X.1500 appendix, as is a similar
implementation in Japan known as JVN.

The vision includes the potential development, use, and
evolution of innumerable numbers of public and private
security automation schemas for innumerable systems,
services, and devices - similar in many ways to the
deployment of network management MIBs over the past 25
years.  The IETF is one of many standards bodies that
should be developing security content automation schemas, 
and the BOF list plus a scheduled event at the upcoming 
Beijing IETF meeting next month is an important step in 
that direction.

This development was discussed at some length at the
Tokyo Interim Meeting and there was significant
enthusiasm for working with IETF (and many other
standards bodies) in developing these implementations
for their standards based protocols and services.
Also demonstrated in Tokyo was the rather remarkable
work demonstrated by the Japan network security
community of a RDF-based discovery mechanism for CYBEX
should be an essential mechanism for enabling use of
all the many distributed instances of security
automation schema.  The platform is part of a CYBEX
discovery specification designated X.cybex-discovery.
In addition, an entire new OID Arc 2.48 has been 
allocated for cybersecurity information exchange 
structured identity purposes.

Dr. Takehashi of NICT, as well as Q4/17 associate
rapporteur Dr. Kadobayashi of NAIST, who have been
developing CYBEX related concepts, tools, and
implementations within Japan's ICT security
community, will be present in Beijing for the IETF
meeting, and we hope can contribute to the SCAP BOF.

An introduction to CYBEX is attached that was presented
last week to the Japan ICT security technical community
hosted by ISOG-J prior to the ITU-T Interim Meeting. 

--tony rutkowski, ITU-T Q.4/17 (cybersecurity) Rapporteur
scap_interest mailing list

<FONT size=2><BR>
DTCC DISCLAIMER: This email and any files transmitted with it are
confidential and intended solely for the use of the individual or
entity to whom they are addressed. If you have received this email
in error, please notify us immediately and delete the email and any
attachments from your system. The recipient should check this email
and any attachments for the presence of viruses.  The company
accepts no liability for any damage caused by any virus transmitted
by this email.</FONT>