[scap_interest] Report on the SG17 Geneva meeting concluded last week
Tony Rutkowski <tony@yaanatech.com> Mon, 20 December 2010 20:36 UTC
Return-Path: <tony@yaanatech.com>
X-Original-To: scap_interest@core3.amsl.com
Delivered-To: scap_interest@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6B3863A6ABC for <scap_interest@core3.amsl.com>; Mon, 20 Dec 2010 12:36:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=x tagged_above=-999 required=5 tests=[]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-baWzUcaaz2 for <scap_interest@core3.amsl.com>; Mon, 20 Dec 2010 12:36:22 -0800 (PST)
Received: from webmail.yaanatech.com (server1.yaanatech.com [66.135.59.213]) by core3.amsl.com (Postfix) with ESMTP id B226D3A6887 for <scap_interest@ietf.org>; Mon, 20 Dec 2010 12:36:20 -0800 (PST)
Received: from [192.168.0.11] (pool-71-171-109-164.clppva.fios.verizon.net [71.171.109.164]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by webmail.yaanatech.com (Postfix) with ESMTP id DB2811C78289; Mon, 20 Dec 2010 12:38:08 -0800 (PST)
Message-ID: <4D0FBEAF.1010800@yaanatech.com>
Date: Mon, 20 Dec 2010 15:38:07 -0500
From: Tony Rutkowski <tony@yaanatech.com>
Organization: Yaana Technologies
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101028 Lanikai/3.1.6
MIME-Version: 1.0
To: scap_interest@ietf.org
Content-Type: multipart/mixed; boundary="------------040202040709020407080904"
Subject: [scap_interest] Report on the SG17 Geneva meeting concluded last week
X-BeenThere: scap_interest@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: tony@yaanatech.com
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <scap_interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scap_interest>
List-Post: <mailto:scap_interest@ietf.org>
List-Help: <mailto:scap_interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Dec 2010 20:36:23 -0000
Dear All, Last Friday, the ITU-T Study Group 17 Plenary formally approved for balloting, an ensemble of SCAP related standards that include: X.1500, Cybersecurity Information Exchange Techniques X.1520, Common vulnerabilities and exposures (CVE) X.1521, Common vulnerability scoring system (CVSS) X.1261, Extended validation certificate framework The approval was unanimous among all the many national and industry representatives. The Recommendations now will be translated into five other languages and sent to 191 countries who seem likely to add their approval for final adoption in April. In the process, we will have the first definitive compendium of multilingual terms for cybersecurity information exchange. The X.1500, known as CYBEX, now involves a broad array of different organizations as was evident from the CYBEX workshop session (5.1) preceding the SG17 meeting and the presentations are downloadable. See http://www.itu.int/ITU-T/worksem/security/201012/programme.html The attached tutorial was presented during a special session last Wednesday, that among other things describes applying SCAP to arbitrary Future Networks. X.1500 is attached, as well as the planned array of SCAP related standards. All of these are destined for a dedicated series of standards: Subject Recommendation Series ---------------------------------------------------------- Cybersecurity Information Exchange X.1500-X.1599 Weakness/vulnerability/state exchange X.1520-X.1539 Event/incident/heuristics exchange X.1540-X.1549 Information exchange policy X.1550-X.1559 Heuristics and information request X.1560-X.1569 Identification, discovery and query X.1570-X.1579 Assured exchange X.1580-X.1589 [Reserved] X.1590-X.1599 best, tony (Q4/17 Rapporteur) ps. There were two other developments of note. Steps were begun to implement the special academic institution membership category. Also approved was a new work item for trusted availability of network security standards and related objects.
- [scap_interest] Report on the SG17 Geneva meeting… Tony Rutkowski