[scap_interest] IETF 83 Birds of a Feather Session Preparation
Adam Montville <amontville@tripwire.com> Mon, 13 February 2012 22:16 UTC
Return-Path: <amontville@tripwire.com>
X-Original-To: scap_interest@ietfa.amsl.com
Delivered-To: scap_interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24A5321E8047 for <scap_interest@ietfa.amsl.com>; Mon, 13 Feb 2012 14:16:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.599
X-Spam-Level:
X-Spam-Status: No, score=-8.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, GB_I_LETTER=-2, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v8NzGyCMLui7 for <scap_interest@ietfa.amsl.com>; Mon, 13 Feb 2012 14:16:25 -0800 (PST)
Received: from TX2EHSOBE002.bigfish.com (tx2ehsobe002.messaging.microsoft.com [65.55.88.12]) by ietfa.amsl.com (Postfix) with ESMTP id D993021E8044 for <scap_interest@ietf.org>; Mon, 13 Feb 2012 14:16:24 -0800 (PST)
Received: from mail30-tx2-R.bigfish.com (10.9.14.251) by TX2EHSOBE002.bigfish.com (10.9.40.22) with Microsoft SMTP Server id 14.1.225.23; Mon, 13 Feb 2012 22:16:22 +0000
Received: from mail30-tx2 (localhost [127.0.0.1]) by mail30-tx2-R.bigfish.com (Postfix) with ESMTP id ED179C02F9 for <scap_interest@ietf.org>; Mon, 13 Feb 2012 22:16:21 +0000 (UTC)
X-SpamScore: -27
X-BigFish: VPS-27(zz9f17Rc85fhzz1202hzz1033IL8275bh8275dhz2dh793h2a8h668h839hbe3k34h)
X-Forefront-Antispam-Report: CIP:174.47.84.216; KIP:(null); UIP:(null); IPV:NLI; H:PDXHB01.tripwire.com; RD:174-47-84-216.static.twtelecom.net; EFVD:NLI
Received: from mail30-tx2 (localhost.localdomain [127.0.0.1]) by mail30-tx2 (MessageSwitch) id 1329171380178913_23281; Mon, 13 Feb 2012 22:16:20 +0000 (UTC)
Received: from TX2EHSMHS017.bigfish.com (unknown [10.9.14.244]) by mail30-tx2.bigfish.com (Postfix) with ESMTP id 1CEAA120056 for <scap_interest@ietf.org>; Mon, 13 Feb 2012 22:16:20 +0000 (UTC)
Received: from PDXHB01.tripwire.com (174.47.84.216) by TX2EHSMHS017.bigfish.com (10.9.99.117) with Microsoft SMTP Server (TLS) id 14.1.225.23; Mon, 13 Feb 2012 22:16:18 +0000
Received: from PDXHB01.tripwire.com (172.30.0.53) by PDXED01.tripwire.com (192.168.192.5) with Microsoft SMTP Server (TLS) id 14.1.355.2; Mon, 13 Feb 2012 14:25:07 -0800
Received: from PDXMB02.tripwire.com ([fe80::f997:7b65:8e64:438e]) by PDXHB01.tripwire.com ([fe80::d495:98d2:7df4:2154%11]) with mapi id 14.01.0355.002; Mon, 13 Feb 2012 14:16:19 -0800
From: Adam Montville <amontville@tripwire.com>
To: "scap_interest@ietf.org" <scap_interest@ietf.org>
Thread-Topic: IETF 83 Birds of a Feather Session Preparation
Thread-Index: AQHM6p0bY1wjeDWpKEejrdBgIBb8pQ==
Date: Mon, 13 Feb 2012 22:16:18 +0000
Message-ID: <CB5E5617.8F09%amontville@tripwire.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.14.0.111121
x-originating-ip: [172.30.0.234]
x-exclaimer-md-config: 79afcaa7-fdf4-4fa6-abe0-afeaa4640a4f
Content-Type: multipart/mixed; boundary="_002_CB5E56178F09amontvilletripwirecom_"
MIME-Version: 1.0
X-OriginatorOrg: tripwire.com
Subject: [scap_interest] IETF 83 Birds of a Feather Session Preparation
X-BeenThere: scap_interest@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <scap_interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scap_interest>
List-Post: <mailto:scap_interest@ietf.org>
List-Help: <mailto:scap_interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2012 22:16:26 -0000
All: You may recall that in November 2010 an IETF BoF was held with the goal of introducing the IETF community to SCAP and, ultimately, to consider 1) whether the technology was mature enough for standardization, and 2) whether such standardization should take place under the auspices of the IETF. On February 10, 2012 a Vendor Letter - signed by 16 executive-level representatives - was sent to various SCAP stakeholders at NIST, DHS, NCSC, and other US Government agencies. The Vendor Letter (attached) demonstrates a significant level of support among vendors for moving security automation development to the IETF. Now, we seek to schedule a WG-forming BoF session during IETF 83 in Paris. As a WG-forming BoF, we will be discussing a charter, potential drafts, and other important aspects concerning the possible move of security automation development to the IETF. I invite all vendors, government representatives, specification authors and contributors to engage in a discussion on the scap_interest list (to subscribe visit: https://www.ietf.org/mailman/listinfo/scap_interest) Such discussion should occur before IETF 83 and cover what moving security automation development to the IETF would mean, how a WG might be structured, what a charter might look like, which specifications should be first drafted, what pieces are missing, and how continuous monitoring might additionally be included. IT IS IMPORTANT THAT BOF-RELATED DISCUSSIONS BE CONDUCTED ON THE SCAP_INTEREST MAILING LIST AND NOT ON INDIVIDUAL SPECIFICATION DEVELOPMENT LISTS. The following are areas of concern (in addition to what already exists in the security automation domain today) we believe would be suitable for furthering the security automation efforts on a global scale: * XCCDF 1.2.1 * Alternate checking systems * Targeting and scheduling for interrogative checking systems * Security automation core elements * Risk scoring normalization and unification NOTE: I originally sent this with multiple recipients, but that message was held for moderation. I'm "reposting" the message without the additional recipients. Regards, Adam W. Montville | Security and Compliance Architect Direct: 503 276-7661 Mobile: 360 471-7815 TRIPWIRE | Take CONTROL http://www.tripwire.com
- [scap_interest] IETF 83 Birds of a Feather Sessio… Adam Montville