Re: [scap_interest] Checking language needs

<matthew.coles@emc.com> Tue, 14 February 2012 21:18 UTC

Return-Path: <matthew.coles@emc.com>
X-Original-To: scap_interest@ietfa.amsl.com
Delivered-To: scap_interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD29621E8065 for <scap_interest@ietfa.amsl.com>; Tue, 14 Feb 2012 13:18:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dflM51dC4UF8 for <scap_interest@ietfa.amsl.com>; Tue, 14 Feb 2012 13:18:07 -0800 (PST)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by ietfa.amsl.com (Postfix) with ESMTP id ACA2A21E8036 for <scap_interest@ietf.org>; Tue, 14 Feb 2012 13:18:06 -0800 (PST)
Received: from hop04-l1d11-si04.isus.emc.com (HOP04-L1D11-SI04.isus.emc.com [10.254.111.24]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id q1ELI3N5000981 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Feb 2012 16:18:04 -0500
Received: from mailhub.lss.emc.com (mailhubhoprd03.lss.emc.com [10.254.221.145]) by hop04-l1d11-si04.isus.emc.com (RSA Interceptor); Tue, 14 Feb 2012 16:17:51 -0500
Received: from mxhub36.corp.emc.com (mxhub36.corp.emc.com [10.254.93.84]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id q1ELHoeb026086; Tue, 14 Feb 2012 16:17:50 -0500
Received: from mx21a.corp.emc.com ([169.254.1.226]) by mxhub36.corp.emc.com ([::1]) with mapi; Tue, 14 Feb 2012 16:17:50 -0500
From: <matthew.coles@emc.com>
To: <Kent_Landfield@McAfee.com>, <scap_interest@ietf.org>
Date: Tue, 14 Feb 2012 16:17:49 -0500
Thread-Topic: Checking language needs
Thread-Index: AczrU3qhQ1uuVmZpSYC1yTv2HOynqAACjCBw
Message-ID: <A775CF577301854EBD38CC86F35FB6345D57352FA3@MX21A.corp.emc.com>
References: <CB6019EB.2C4E5%kent_landfield@mcafee.com>
In-Reply-To: <CB6019EB.2C4E5%kent_landfield@mcafee.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_A775CF577301854EBD38CC86F35FB6345D57352FA3MX21Acorpemcc_"
MIME-Version: 1.0
X-EMM-MHVC: 1
X-Mailman-Approved-At: Tue, 14 Feb 2012 13:52:29 -0800
Subject: Re: [scap_interest] Checking language needs
X-BeenThere: scap_interest@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion List for IETFers interested in the Security Content Automation Protocol \(SCAP\)." <scap_interest.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/scap_interest>
List-Post: <mailto:scap_interest@ietf.org>
List-Help: <mailto:scap_interest-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scap_interest>, <mailto:scap_interest-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2012 21:19:57 -0000

Kent,



I would like to contribute to this effort. I work with the products at EMC to make them secure and enable security among them and other systems, and find SCAP a valuable initiative and set of standards.



Matthew Coles | Product Security Office | RSA, the Security Division of EMC







From: scap_interest-bounces@ietf.org [mailto:scap_interest-bounces@ietf.org] On Behalf Of Kent_Landfield@McAfee.com
Sent: Tuesday, February 14, 2012 3:02 PM
To: scap_interest@ietf.org
Subject: [scap_interest] Checking language needs



All,



One of the missing pieces we have right now is a standardized approach to developing new checking languages.  Within fielded XCCDF-enabled products today there are multiple checking languages in use. One of them grew up with XCCDF (OVAL) and another (OCIL) was developed without much concern for how it might be called and used from XCCDF.  The later's adoption rate has been seriously impacted because of that.  Additionally, vendors have at times introduced their own checking mechanisms to support customer needs that could not be supported with the existing checking languages.  Scripting is also being done directly from XCCDF benchmarks by multiple vendor products.



As we are starting to expand security automation uses, it is important we enable innovative approaches to check execution. Not everything can be done using the existing model and existing means.  Continuous monitoring uses are going to require more flexibility by requiring different means to check certain areas than exist today.  Forcing implementers to have to dig thru the XCCDF specification to have to figure out how to properly integrate with it is an inhibitor. We need to foster alternative means so integrating into the the existing security automation architectures and products is not so daunting.  Even in areas where something as simple as scripting is used, I would be very surprised if two existing implementations could execute the same script content because of incompatible implementation approaches.  Yes, OVAL is interoperable today but we need to make sure additional checking languages have that same potential for interoperability.



>From my perspective, the key to the success in fielding a useful framework is assuring the right building blocks are in place.  We need to be able to leverage those building blocks to expand standards based security automation. It is important we document the proper way to develop new checking mechanisms if we are to have content and solutions that interoperate effectively.  By specifying the practices and items  new checking languages need to support, we can expand what is possible with security automation using already fielded tools and environments.



I am looking for interest here and for those that might want to help me in producing this draft specification.



Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee | An Intel Company
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096
Mobile: +1.817.637.8026
Web: www.mcafee.com<http://www.mcafee.com/>