Re: [scap_interest] Operational Aspects

Gunnar Engelbach <Gunnar.Engelbach@ThreatGuard.com> Thu, 16 February 2012 18:14 UTC

That's an addition well worth pursuing further.  What jumps out 
immediately to me as a prerequisite is the need to be able to validate 
the authenticity of a benchmark -- that lingering benchmark signing issue.

I would also suggest considering including client validation as part of 
such a protocol.  That could easily be considered outside the scope of 
this, but some of these repositories are commercial, something I'd be 
happy to see more of, so I'd like to see a standardized method for 
validating client access.


A bit early to be going into detail on anything, but I think there are 
two things that could apply multiple places and thus should be fleshed 
out early on.


--gun


On 2/16/2012 12:54 PM, Luis Nunez wrote:
> Since you mentioned "NVD", also known as the National Vulnerability Database, I think at some point the IETF will be helpful in creating a protocol to communicate with these content repositories.  Last I counted, there were 7 content repositories.
> In no particular order and I am sure there are more out there.
>
> -SecPod
> -Novell
> -NVD
> -IT Security Database
> -Debian
> -Altx-soft
>
> -ln
>
>
> On Feb 14, 2012, at 5:18 PM, Adam Montville wrote:
>
>> Fair enough.  Just throwing things against the wall as they come to mind.
>>
>> Adam
>>
>> From: kent_landfield <kent_landfield@mcafee.com>
>> Date: Tue, 14 Feb 2012 15:32:38 -0600
>> To: Adam Montville <amontville@tripwire.com>, <scap_interest@ietf.org>
>> Subject: Re: [scap_interest] Operational Aspects
>>
>> Adam,
>>
>> We have more than enough on our plate with the specification / I-D work.  Let's see if we can deal with this in a more appropriate forum. I do not see this as that forum.  My 2cents…
>>
>> Thanks.
>>
>> Kent Landfield
>> Director Content Strategy, Architecture and Standards
>>
>> McAfee | An Intel Company
>> 5000 Headquarters Dr.
>> Plano, Texas 75024
>>
>> Direct: +1.972.963.7096
>> Mobile: +1.817.637.8026
>> Web: www.mcafee.com
>>
>> From: Adam Montville <amontville@tripwire.com>
>> Date: Tue, 14 Feb 2012 15:12:51 -0600
>> To: "scap_interest@ietf.org" <scap_interest@ietf.org>
>> Subject: [scap_interest] Operational Aspects
>>
>> While we're all bantering about on security automation, there's another side to the story.  Are there any operational concerns we might address within a WG should one be formed?  For example, we have, in the United States, NVD hosting a repository of information.  CCE identifiers are moderated and assigned by an operational process.  As new enumerations are published and new types of content are conceived, it's easy to imagine the need for some operational standardization.
>>
>> Should we consider standardizing some of these processes, and if so would the WG we seek to establish be the appropriate place for that work?
>>
>> Regards,
>>
>> Adam W. Montville | Security and Compliance Architect
>>
>> Direct: 503 276-7661
>> Mobile: 360 471-7815
>>
>> TRIPWIRE | Take CONTROL
>> http://www.tripwire.com
>>
>> _______________________________________________
>> scap_interest mailing list
>> scap_interest@ietf.org
>> https://www.ietf.org/mailman/listinfo/scap_interest