draft-ietf-opsec-efforts-01.txt | draft-ietf-opsec-efforts-02.txt | |||
---|---|---|---|---|
Network Working Group C. Lonvick | Network Working Group C. Lonvick | |||
Internet-Draft D. Spak | Internet-Draft D. Spak | |||
Expires: January 8, 2006 Cisco Systems | Expires: July 21, 2006 Cisco Systems | |||
July 7, 2005 | January 17, 2006 | |||
Security Best Practices Efforts and Documents | Security Best Practices Efforts and Documents | |||
draft-ietf-opsec-efforts-01.txt | draft-ietf-opsec-efforts-02.txt | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 1, line 34 | skipping to change at page 1, line 34 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on January 8, 2006. | This Internet-Draft will expire on July 21, 2006. | |||
Copyright Notice | Copyright Notice | |||
Copyright (C) The Internet Society (2005). | Copyright (C) The Internet Society (2006). | |||
Abstract | Abstract | |||
This document provides a snapshot of the current efforts to define or | This document provides a snapshot of the current efforts to define or | |||
apply security requirements in various Standards Developing | apply security requirements in various Standards Developing | |||
Organizations (SDO). | Organizations (SDO). | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
skipping to change at page 10, line 16 | skipping to change at page 10, line 16 | |||
This section of this document lists the SDOs, or organizations that | This section of this document lists the SDOs, or organizations that | |||
appear to be developing security related standards. These SDOs are | appear to be developing security related standards. These SDOs are | |||
listed in alphabetical order. | listed in alphabetical order. | |||
Note: The authors would appreciate corrections and additions. This | Note: The authors would appreciate corrections and additions. This | |||
note will be removed before publication as an RFC. | note will be removed before publication as an RFC. | |||
4.1 3GPP - Third Generation Partnership Project | 4.1 3GPP - Third Generation Partnership Project | |||
http://www.3gpp.org | http://www.3gpp.org/ | |||
The 3rd Generation Partnership Project (3GPP) is a collaboration | The 3rd Generation Partnership Project (3GPP) is a collaboration | |||
agreement formed in December 1998. The collaboration agreement is | agreement formed in December 1998. The collaboration agreement is | |||
comprised of several telecommunications standards bodies which are | comprised of several telecommunications standards bodies which are | |||
known as "Organizational Partners". The current Organizational | known as "Organizational Partners". The current Organizational | |||
Partners involved with 3GPP are ARIB, CCSA, ETSI, ATIS, TTA, and TTC. | Partners involved with 3GPP are ARIB, CCSA, ETSI, ATIS, TTA, and TTC. | |||
4.2 3GPP2 - Third Generation Partnership Project 2 | 4.2 3GPP2 - Third Generation Partnership Project 2 | |||
http://www.3gpp2.org | http://www.3gpp2.org/ | |||
Third Generation Partnership Project 2 (3GPP2) is a collaboration | Third Generation Partnership Project 2 (3GPP2) is a collaboration | |||
among Organizational Partners much like its sister project 3GPP. The | among Organizational Partners much like its sister project 3GPP. The | |||
Organizational Partners (OPs) currently involved with 3GPP2 are ARIB, | Organizational Partners (OPs) currently involved with 3GPP2 are ARIB, | |||
CCSA, TIA, TTA, and TTC. In addition to the OPs, 3GPP2 also welcomes | CCSA, TIA, TTA, and TTC. In addition to the OPs, 3GPP2 also welcomes | |||
the CDMA Development Group and IPv6 Forum as Market Representation | the CDMA Development Group and IPv6 Forum as Market Representation | |||
Partners for market advice. | Partners for market advice. | |||
4.3 ANSI - The American National Standards Institute | 4.3 ANSI - The American National Standards Institute | |||
http://www.ansi.org | http://www.ansi.org/ | |||
ANSI is a private, non-profit organization that organizes and | ANSI is a private, non-profit organization that organizes and | |||
oversees the U.S. voluntary standardization and conformity assessment | oversees the U.S. voluntary standardization and conformity assessment | |||
system. ANSI was founded October 19, 1918. | system. ANSI was founded October 19, 1918. | |||
4.4 ATIS - Alliance for Telecommunications Industry Solutions | 4.4 ATIS - Alliance for Telecommunications Industry Solutions | |||
http://www.atis.org | http://www.atis.org/ | |||
ATIS is a United States based body that is committed to rapidly | ATIS is a United States based body that is committed to rapidly | |||
developing and promoting technical and operations standards for the | developing and promoting technical and operations standards for the | |||
communications and related information technologies industry | communications and related information technologies industry | |||
worldwide using pragmatic, flexible and open approach. Committee T1 | worldwide using pragmatic, flexible and open approach. Committee T1 | |||
as a group no longer exists as a result of the recent ATIS | as a group no longer exists as a result of the recent ATIS | |||
reorganization on January 1, 2004. ATIS has restructured the former | reorganization on January 1, 2004. ATIS has restructured the former | |||
T1 technical subcommittees into full ATIS standards committees to | T1 technical subcommittees into full ATIS standards committees to | |||
easily identify and promote the nature of standards work each | easily identify and promote the nature of standards work each | |||
committee performs. Due to the reorganization, some groups may have | committee performs. Due to the reorganization, some groups may have | |||
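Review bot: Section 4.4 still calls the ATIS reorganization of January 1, 2004 "recent" in a revision dated January 17, 2006, while the only edits in this block are the trailing slashes added to the URLs. Drop "recent" or state the date alone so the text does not go stale with each reissue.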
skipping to change at page 13, line 36 | skipping to change at page 13, line 36 | |||
telecommunications standards. ETSI is based in Sophia-Antipolis in | telecommunications standards. ETSI is based in Sophia-Antipolis in | |||
the south of France and maintains a membership from 55 countries. | the south of France and maintains a membership from 55 countries. | |||
Joint work between ETSI and ITU-T SG-17 | Joint work between ETSI and ITU-T SG-17 | |||
http://docbox.etsi.org/OCG/OCG/GSC9/GSC9_JointT%26R/ | http://docbox.etsi.org/OCG/OCG/GSC9/GSC9_JointT%26R/ | |||
GSC9_Joint_011_Security_Standardization_in_ITU.ppt | GSC9_Joint_011_Security_Standardization_in_ITU.ppt | |||
4.8 GGF - Global Grid Forum | 4.8 GGF - Global Grid Forum | |||
http://www.gridforum.org | http://www.gridforum.org/ | |||
The Global Grid Forum (GGF) is a community-initiated forum of | The Global Grid Forum (GGF) is a community-initiated forum of | |||
thousands of individuals from industry and research leading the | thousands of individuals from industry and research leading the | |||
global standardization effort for grid computing. GGF's primary | global standardization effort for grid computing. GGF's primary | |||
objectives are to promote and support the development, deployment, | objectives are to promote and support the development, deployment, | |||
and implementation of Grid technologies and applications via the | and implementation of Grid technologies and applications via the | |||
creation and documentation of "best practices" - technical | creation and documentation of "best practices" - technical | |||
specifications, user experiences, and implementation guidelines. | specifications, user experiences, and implementation guidelines. | |||
4.9 IEEE - The Institute of Electrical and Electronics Engineers, Inc. | 4.9 IEEE - The Institute of Electrical and Electronics Engineers, Inc. | |||
http://www.ieee.org | http://www.ieee.org/ | |||
IEEE is a non-profit, technical professional association of more than | IEEE is a non-profit, technical professional association of more than | |||
360,000 individual members in approximately 175 countries. The IEEE | 360,000 individual members in approximately 175 countries. The IEEE | |||
produces 30 percent of the world's published literature in electrical | produces 30 percent of the world's published literature in electrical | |||
engineering, computers and control technology through its technical | engineering, computers and control technology through its technical | |||
publishing, conferences and consensus-based standards activities. | publishing, conferences and consensus-based standards activities. | |||
4.10 IETF - The Internet Engineering Task Force | 4.10 IETF - The Internet Engineering Task Force | |||
http://www.ietf.org | http://www.ietf.org/ | |||
IETF is a large, international community open to any interested | IETF is a large, international community open to any interested | |||
individual concerned with the evolution of the Internet architecture | individual concerned with the evolution of the Internet architecture | |||
and the smooth operation of the Internet. | and the smooth operation of the Internet. | |||
4.11 INCITS - InterNational Committee for Information Technology | 4.11 INCITS - InterNational Committee for Information Technology | |||
Standards | Standards | |||
http://www.incits.org | http://www.incits.org/ | |||
INCITS focuses upon standardization in the field of Information and | INCITS focuses upon standardization in the field of Information and | |||
Communications Technologies (ICT), encompassing storage, processing, | Communications Technologies (ICT), encompassing storage, processing, | |||
transfer, display, management, organization, and retrieval of | transfer, display, management, organization, and retrieval of | |||
information. | information. | |||
4.12 INCITS Technical Committee T11 - Fibre Channel Interfaces | 4.12 INCITS Technical Committee T11 - Fibre Channel Interfaces | |||
http://www.t11.org/index.htm | http://www.t11.org/index.htm | |||
T11 is responsible for standards development in the areas of | T11 is responsible for standards development in the areas of | |||
Intelligent Peripheral Interface (IPI), High-Performance Parallel | Intelligent Peripheral Interface (IPI), High-Performance Parallel | |||
Interface (HIPPI) and Fibre Channel (FC). T11 has a project called | Interface (HIPPI) and Fibre Channel (FC). T11 has a project called | |||
FC-SP to define Security Protocols for Fibre Channel. | FC-SP to define Security Protocols for Fibre Channel. | |||
FC-SP Project Proposal: | FC-SP Project Proposal: | |||
ftp://ftp.t11.org/t11/admin/project_proposals/02-036v2.pdf | ftp://ftp.t11.org/t11/admin/project_proposals/02-036v2.pdf | |||
4.13 ISO - The International Organization for Standardization | 4.13 ISO - The International Organization for Standardization | |||
http://www.iso.org | http://www.iso.org/ | |||
ISO is a network of the national standards institutes of 148 | ISO is a network of the national standards institutes of 148 | |||
countries, on the basis of one member per country, with a Central | countries, on the basis of one member per country, with a Central | |||
Secretariat in Geneva, Switzerland, that coordinates the system. ISO | Secretariat in Geneva, Switzerland, that coordinates the system. ISO | |||
officially began operations on February 23, 1947. | officially began operations on February 23, 1947. | |||
4.14 ITU - International Telecommunication Union | 4.14 ITU - International Telecommunication Union | |||
http://www.itu.int/ | http://www.itu.int/ | |||
skipping to change at page 16, line 31 | skipping to change at page 16, line 31 | |||
NSTAC provides industry-based advice and expertise to the President | NSTAC provides industry-based advice and expertise to the President | |||
on issues and problems related to implementing national security and | on issues and problems related to implementing national security and | |||
emergency preparedness (NS/EP) communications policy. Since its | emergency preparedness (NS/EP) communications policy. Since its | |||
inception, the NSTAC has addressed a wide range of policy and | inception, the NSTAC has addressed a wide range of policy and | |||
technical issues regarding communications, information systems, | technical issues regarding communications, information systems, | |||
information assurance, critical infrastructure protection, and other | information assurance, critical infrastructure protection, and other | |||
NS/EP communications concerns. | NS/EP communications concerns. | |||
4.19 TIA - The Telecommunications Industry Association | 4.19 TIA - The Telecommunications Industry Association | |||
http://www.tiaonline.org | http://www.tiaonline.org/ | |||
TIA is accredited by ANSI to develop voluntary industry standards for | TIA is accredited by ANSI to develop voluntary industry standards for | |||
a wide variety of telecommunications products. TIA's Standards and | a wide variety of telecommunications products. TIA's Standards and | |||
Technology Department is composed of five divisions: Fiber Optics, | Technology Department is composed of five divisions: Fiber Optics, | |||
User Premises Equipment, Network Equipment, Wireless Communications | User Premises Equipment, Network Equipment, Wireless Communications | |||
and Satellite Communications. | and Satellite Communications. | |||
4.20 Web Services Interoperability Organization (WS-I) | 4.20 Web Services Interoperability Organization (WS-I) | |||
http://www.ws-i.org/ | http://www.ws-i.org/ | |||
skipping to change at page 19, line 48 | skipping to change at page 19, line 48 | |||
Part 2 - Functional Requirements (including Annexes) | Part 2 - Functional Requirements (including Annexes) | |||
Part 3 - Assurance Requirements | Part 3 - Assurance Requirements | |||
Documents: Common Criteria V2.1 | Documents: Common Criteria V2.1 | |||
http://csrc.nist.gov/cc/CC-v2.1.html | http://csrc.nist.gov/cc/CC-v2.1.html | |||
5.10 ETSI | 5.10 ETSI | |||
http://www.etsi.org | http://www.etsi.org/ | |||
The ETSI hosted the ETSI Global Security Conference in late November, | The ETSI hosted the ETSI Global Security Conference in late November, | |||
2003, which could lead to a standard. | 2003, which could lead to a standard. | |||
Groups related to security located from the ETSI Groups Portal: | Groups related to security located from the ETSI Groups Portal: | |||
OCG Security | OCG Security | |||
3GPP SA3 | 3GPP SA3 | |||
skipping to change at page 20, line 49 | skipping to change at page 20, line 49 | |||
Systems (SCAISWG), IEEE Project 1700's purpose is to develop a draft | Systems (SCAISWG), IEEE Project 1700's purpose is to develop a draft | |||
Standard for Information System Security Assurance Architecture for | Standard for Information System Security Assurance Architecture for | |||
ballot and during the process begin development of a suite of | ballot and during the process begin development of a suite of | |||
associated standards for components of that architecture. | associated standards for components of that architecture. | |||
Documents: http://issaa.org/documents/index.html | Documents: http://issaa.org/documents/index.html | |||
5.13 Operational Security Requirements for IP Network Infrastructure : | 5.13 Operational Security Requirements for IP Network Infrastructure : | |||
Advanced Requirements | Advanced Requirements | |||
IETF Internet-Draft | IETF RFC 3871 | |||
Abstract: This document defines a list of operational security | Abstract: This document defines a list of operational security | |||
requirements for the infrastructure of large ISP IP networks (routers | requirements for the infrastructure of large ISP IP networks (routers | |||
and switches). A framework is defined for specifying "profiles", | and switches). A framework is defined for specifying "profiles", | |||
which are collections of requirements applicable to certain network | which are collections of requirements applicable to certain network | |||
topology contexts (all, core-only, edge-only...). The goal is to | topology contexts (all, core-only, edge-only...). The goal is to | |||
provide network operators a clear, concise way of communicating their | provide network operators a clear, concise way of communicating their | |||
security requirements to vendors. | security requirements to vendors. | |||
Documents: | Documents: | |||
http://www.ietf.org/internet-drafts/draft-jones-opsec-06.txt | ftp://ftp.rfc-editor.org/in-notes/rfc3871.txt | |||
5.14 INCITS Technical Committee T4 - Security Techniques | 5.14 INCITS Technical Committee T4 - Security Techniques | |||
http://www.incits.org/tc_home/t4.htm | http://www.incits.org/tc_home/t4.htm | |||
Technical Committee T4, Security Techniques, participates in the | Technical Committee T4, Security Techniques, participates in the | |||
standardization of generic methods for information technology | standardization of generic methods for information technology | |||
security. This includes development of: security techniques and | security. This includes development of: security techniques and | |||
mechanisms; security guidelines; security evaluation criteria; and | mechanisms; security guidelines; security evaluation criteria; and | |||
identification of generic requirements for information technology | identification of generic requirements for information technology | |||
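Review bot: In section 5.13 the source line now reads "IETF RFC 3871" and the document link points at rfc3871.txt, but the section heading ("... : Advanced Requirements") and the abstract are carried over unchanged from the draft-jones-opsec-06 entry. Check both against the published RFC and update them in the same revision so the entry describes the document it now cites.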
skipping to change at page 31, line 44 | skipping to change at page 31, line 44 | |||
-00 : as the WG ID | -00 : as the WG ID | |||
Added more information about the ITU-T SG3 Q18 effort to modify | Added more information about the ITU-T SG3 Q18 effort to modify | |||
ITU-T Recommendation M.3016. | ITU-T Recommendation M.3016. | |||
-01 : First revision as the WG ID. | -01 : First revision as the WG ID. | |||
Added information about the NGN in the sections about ATIS, the | Added information about the NGN in the sections about ATIS, the | |||
NSTAC, and ITU-T. | NSTAC, and ITU-T. | |||
-02 : Second revision as the WG ID. | ||||
Updated the date. Corrected some url's and the reference to | ||||
George's RFC. | ||||
Note: This section will be removed before publication as an RFC. | Note: This section will be removed before publication as an RFC. | |||
10. References | 10. References | |||
10.1 Normative References | 10.1 Normative References | |||
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement | [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement | |||
Levels", RFC 2119, STD 14, March 1997. | Levels", RFC 2119, STD 14, March 1997. | |||
10.2 Informative References | 10.2 Informative References | |||
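Review bot: The new -02 changelog entry refers to "George's RFC", which does not identify the document for a reader. Cite it by number (the reference changed in section 5.13 is RFC 3871) and list which URLs were corrected, or at least say that trailing slashes were added. "url's" should also read "URLs".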
skipping to change at page 33, line 41 | skipping to change at page 33, line 41 | |||
This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | |||
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | |||
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | |||
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
Copyright Statement | Copyright Statement | |||
Copyright (C) The Internet Society (2005). This document is subject | Copyright (C) The Internet Society (2006). This document is subject | |||
to the rights, licenses and restrictions contained in BCP 78, and | to the rights, licenses and restrictions contained in BCP 78, and | |||
except as set forth therein, the authors retain all their rights. | except as set forth therein, the authors retain all their rights. | |||
Acknowledgment | Acknowledgment | |||
Funding for the RFC Editor function is currently provided by the | Funding for the RFC Editor function is currently provided by the | |||
Internet Society. | Internet Society. | |||
End of changes. 19 change blocks. | ||||
19 lines changed or deleted | 24 lines changed or added | |||
This html diff was produced by rfcdiff 1.28, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |