--- 1/draft-ietf-opsec-efforts-01.txt 2006-02-04 17:01:48.000000000 +0100 +++ 2/draft-ietf-opsec-efforts-02.txt 2006-02-04 17:01:48.000000000 +0100 @@ -1,18 +1,18 @@ Network Working Group C. Lonvick Internet-Draft D. Spak -Expires: January 8, 2006 Cisco Systems - July 7, 2005 +Expires: July 21, 2006 Cisco Systems + January 17, 2006 Security Best Practices Efforts and Documents - draft-ietf-opsec-efforts-01.txt + draft-ietf-opsec-efforts-02.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that @@ -23,25 +23,25 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on January 8, 2006. + This Internet-Draft will expire on July 21, 2006. Copyright Notice - Copyright (C) The Internet Society (2005). + Copyright (C) The Internet Society (2006). Abstract This document provides a snapshot of the current efforts to define or apply security requirements in various Standards Developing Organizations (SDO). Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 @@ -315,50 +315,50 @@ This section of this document lists the SDOs, or organizations that appear to be developing security related standards. These SDOs are listed in alphabetical order. Note: The authors would appreciate corrections and additions. This note will be removed before publication as an RFC. 4.1 3GPP - Third Generation Partnership Project - http://www.3gpp.org + http://www.3gpp.org/ The 3rd Generation Partnership Project (3GPP) is a collaboration agreement formed in December 1998. The collaboration agreement is comprised of several telecommunications standards bodies which are known as "Organizational Partners". The current Organizational Partners involved with 3GPP are ARIB, CCSA, ETSI, ATIS, TTA, and TTC. 4.2 3GPP2 - Third Generation Partnership Project 2 - http://www.3gpp2.org + http://www.3gpp2.org/ Third Generation Partnership Project 2 (3GPP2) is a collaboration among Organizational Partners much like its sister project 3GPP. The Organizational Partners (OPs) currently involved with 3GPP2 are ARIB, CCSA, TIA, TTA, and TTC. In addition to the OPs, 3GPP2 also welcomes the CDMA Development Group and IPv6 Forum as Market Representation Partners for market advice. 4.3 ANSI - The American National Standards Institute - http://www.ansi.org + http://www.ansi.org/ ANSI is a private, non-profit organization that organizes and oversees the U.S. voluntary standardization and conformity assessment system. ANSI was founded October 19, 1918. 4.4 ATIS - Alliance for Telecommunications Industry Solutions - http://www.atis.org + http://www.atis.org/ ATIS is a United States based body that is committed to rapidly developing and promoting technical and operations standards for the communications and related information technologies industry worldwide using pragmatic, flexible and open approach. Committee T1 as a group no longer exists as a result of the recent ATIS reorganization on January 1, 2004. ATIS has restructured the former T1 technical subcommittees into full ATIS standards committees to easily identify and promote the nature of standards work each committee performs. Due to the reorganization, some groups may have @@ -480,73 +480,73 @@ telecommunications standards. ETSI is based in Sophia-Antipolis in the south of France and maintains a membership from 55 countries. Joint work between ETSI and ITU-T SG-17 http://docbox.etsi.org/OCG/OCG/GSC9/GSC9_JointT%26R/ GSC9_Joint_011_Security_Standardization_in_ITU.ppt 4.8 GGF - Global Grid Forum - http://www.gridforum.org + http://www.gridforum.org/ The Global Grid Forum (GGF) is a community-initiated forum of thousands of individuals from industry and research leading the global standardization effort for grid computing. GGF's primary objectives are to promote and support the development, deployment, and implementation of Grid technologies and applications via the creation and documentation of "best practices" - technical specifications, user experiences, and implementation guidelines. 4.9 IEEE - The Institute of Electrical and Electronics Engineers, Inc. - http://www.ieee.org + http://www.ieee.org/ IEEE is a non-profit, technical professional association of more than 360,000 individual members in approximately 175 countries. The IEEE produces 30 percent of the world's published literature in electrical engineering, computers and control technology through its technical publishing, conferences and consensus-based standards activities. 4.10 IETF - The Internet Engineering Task Force - http://www.ietf.org + http://www.ietf.org/ IETF is a large, international community open to any interested individual concerned with the evolution of the Internet architecture and the smooth operation of the Internet. 4.11 INCITS - InterNational Committee for Information Technology Standards - http://www.incits.org + http://www.incits.org/ INCITS focuses upon standardization in the field of Information and Communications Technologies (ICT), encompassing storage, processing, transfer, display, management, organization, and retrieval of information. 4.12 INCITS Technical Committee T11 - Fibre Channel Interfaces http://www.t11.org/index.htm T11 is responsible for standards development in the areas of Intelligent Peripheral Interface (IPI), High-Performance Parallel Interface (HIPPI) and Fibre Channel (FC). T11 has a project called FC-SP to define Security Protocols for Fibre Channel. FC-SP Project Proposal: ftp://ftp.t11.org/t11/admin/project_proposals/02-036v2.pdf 4.13 ISO - The International Organization for Standardization - http://www.iso.org + http://www.iso.org/ ISO is a network of the national standards institutes of 148 countries, on the basis of one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system. ISO officially began operations on February 23, 1947. 4.14 ITU - International Telecommunication Union http://www.itu.int/ @@ -620,21 +620,21 @@ NSTAC provides industry-based advice and expertise to the President on issues and problems related to implementing national security and emergency preparedness (NS/EP) communications policy. Since its inception, the NSTAC has addressed a wide range of policy and technical issues regarding communications, information systems, information assurance, critical infrastructure protection, and other NS/EP communications concerns. 4.19 TIA - The Telecommunications Industry Association - http://www.tiaonline.org + http://www.tiaonline.org/ TIA is accredited by ANSI to develop voluntary industry standards for a wide variety of telecommunications products. TIA's Standards and Technology Department is composed of five divisions: Fiber Optics, User Premises Equipment, Network Equipment, Wireless Communications and Satellite Communications. 4.20 Web Services Interoperability Organization (WS-I) http://www.ws-i.org/ @@ -780,21 +780,21 @@ Part 2 - Functional Requirements (including Annexes) Part 3 - Assurance Requirements Documents: Common Criteria V2.1 http://csrc.nist.gov/cc/CC-v2.1.html 5.10 ETSI - http://www.etsi.org + http://www.etsi.org/ The ETSI hosted the ETSI Global Security Conference in late November, 2003, which could lead to a standard. Groups related to security located from the ETSI Groups Portal: OCG Security 3GPP SA3 @@ -829,32 +829,32 @@ Systems (SCAISWG), IEEE Project 1700's purpose is to develop a draft Standard for Information System Security Assurance Architecture for ballot and during the process begin development of a suite of associated standards for components of that architecture. Documents: http://issaa.org/documents/index.html 5.13 Operational Security Requirements for IP Network Infrastructure : Advanced Requirements - IETF Internet-Draft + IETF RFC 3871 Abstract: This document defines a list of operational security requirements for the infrastructure of large ISP IP networks (routers and switches). A framework is defined for specifying "profiles", which are collections of requirements applicable to certain network topology contexts (all, core-only, edge-only...). The goal is to provide network operators a clear, concise way of communicating their security requirements to vendors. Documents: - http://www.ietf.org/internet-drafts/draft-jones-opsec-06.txt + ftp://ftp.rfc-editor.org/in-notes/rfc3871.txt 5.14 INCITS Technical Committee T4 - Security Techniques http://www.incits.org/tc_home/t4.htm Technical Committee T4, Security Techniques, participates in the standardization of generic methods for information technology security. This includes development of: security techniques and mechanisms; security guidelines; security evaluation criteria; and identification of generic requirements for information technology @@ -1204,20 +1204,25 @@ -00 : as the WG ID Added more information about the ITU-T SG3 Q18 effort to modify ITU-T Recommendation M.3016. -01 : First revision as the WG ID. Added information about the NGN in the sections about ATIS, the NSTAC, and ITU-T. + -02 : Second revision as the WG ID. + + Updated the date. Corrected some url's and the reference to + George's RFC. + Note: This section will be removed before publication as an RFC. 10. References 10.1 Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, STD 14, March 1997. 10.2 Informative References @@ -1274,18 +1279,18 @@ This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement - Copyright (C) The Internet Society (2005). This document is subject + Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society.