draft-ietf-opsec-efforts-14.txt   draft-ietf-opsec-efforts-15.txt 
Network Working Group C. Lonvick Network Working Group C. Lonvick
Internet-Draft D. Spak Internet-Draft D. Spak
Intended status: Informational Cisco Systems Intended status: Informational Cisco Systems
Expires: August 11, 2011 February 7, 2011 Expires: August 18, 2011 February 14, 2011
Security Best Practices Efforts and Documents Security Best Practices Efforts and Documents
draft-ietf-opsec-efforts-14.txt draft-ietf-opsec-efforts-15.txt
Abstract Abstract
This document provides a snapshot of the current efforts to define or This document provides a snapshot of the current efforts to define or
apply security requirements in various Standards Developing apply security requirements in various Standards Developing
Organizations (SDO). Organizations (SDO).
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
skipping to change at page 1, line 38 skipping to change at page 1, line 38
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 11, 2011. This Internet-Draft will expire on August 18, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 24 skipping to change at page 2, line 24
3.1. ATIS Telecom Glossary 2007 . . . . . . . . . . . . . . . . 8 3.1. ATIS Telecom Glossary 2007 . . . . . . . . . . . . . . . . 8
3.2. Internet Security Glossary - RFC 4949 . . . . . . . . . . 8 3.2. Internet Security Glossary - RFC 4949 . . . . . . . . . . 8
3.3. Compendium of Approved ITU-T Security Definitions . . . . 8 3.3. Compendium of Approved ITU-T Security Definitions . . . . 8
3.4. Microsoft Malware Protection Center . . . . . . . . . . . 9 3.4. Microsoft Malware Protection Center . . . . . . . . . . . 9
3.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 9 3.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 9
3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 9 3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 9
3.7. NIST - Glossary of Key Information Security Terms . . . . 9 3.7. NIST - Glossary of Key Information Security Terms . . . . 9
4. Standards Developing Organizations . . . . . . . . . . . . . . 11 4. Standards Developing Organizations . . . . . . . . . . . . . . 11
4.1. 3GPP - Third Generation Partnership Project . . . . . . . 11 4.1. 3GPP - Third Generation Partnership Project . . . . . . . 11
4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 11 4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 11
4.3. ANSI - The American National Standards Institute . . . . . 11 4.3. ANSI - The American National Standards Institute . . . . . 12
4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 11 4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 12
4.4. ATIS - Alliance for Telecommunications Industry 4.4. ATIS - Alliance for Telecommunications Industry
Solutions . . . . . . . . . . . . . . . . . . . . . . . . 12 Solutions . . . . . . . . . . . . . . . . . . . . . . . . 12
4.4.1. ATIS NIPP - Network Interface, Power, and 4.4.1. ATIS NPRQ - Network Performance, Reliability, and
Protection Committee, formerly T1E1 . . . . . . . . . 12 Quality of Service Committee, formerly T1A1 . . . . . 13
4.4.2. ATIS NPRQ - Network Performance, Reliability, and 4.4.2. ATIS TMOC - Telecom Management and Operations
Quality of Service Committee, formerly T1A1 . . . . . 12 Committee, formerly T1M1 OAM&P . . . . . . . . . . . . 14
4.4.3. ATIS OBF - Ordering and Billing Forum, formerly
regarding T1M1 O&B . . . . . . . . . . . . . . . . . . 12
4.4.4. ATIS OPTXS - Optical Transport and Synchronization
Committee, formerly T1X1 . . . . . . . . . . . . . . . 13
4.4.5. ATIS TMOC - Telecom Management and Operations
Committee, formerly T1M1 OAM&P . . . . . . . . . . . . 13
4.4.6. ATIS WTSC - Wireless Technologies and Systems
Committee, formerly T1P1 . . . . . . . . . . . . . . . 13
4.4.7. ATIS PTSC - Packet Technologies and Systems
Committee, formerly T1S1 . . . . . . . . . . . . . . . 13
4.4.8. ATIS Protocol Interworking Committee, regarding
T1S1 . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.5. CC - Common Criteria . . . . . . . . . . . . . . . . . . . 14 4.5. CC - Common Criteria . . . . . . . . . . . . . . . . . . . 14
4.6. DMTF - Distributed Management Task Force, Inc. . . . . . . 14 4.6. DMTF - Distributed Management Task Force, Inc. . . . . . . 14
4.7. ETSI - The European Telecommunications Standard 4.7. ETSI - The European Telecommunications Standard
Institute . . . . . . . . . . . . . . . . . . . . . . . . 14 Institute . . . . . . . . . . . . . . . . . . . . . . . . 15
4.8. GGF - Global Grid Forum . . . . . . . . . . . . . . . . . 14 4.7.1. ETSI SEC . . . . . . . . . . . . . . . . . . . . . . . 15
4.7.2. ETSI OCG SEC . . . . . . . . . . . . . . . . . . . . . 15
4.8. GGF - Global Grid Forum . . . . . . . . . . . . . . . . . 16
4.8.1. Global Grid Forum Security Area . . . . . . . . . . . 16
4.9. IEEE - The Institute of Electrical and Electronics 4.9. IEEE - The Institute of Electrical and Electronics
Engineers, Inc. . . . . . . . . . . . . . . . . . . . . . 15 Engineers, Inc. . . . . . . . . . . . . . . . . . . . . . 16
4.9.1. IEEE Computer Society's Technical Committee on
4.10. IETF - The Internet Engineering Task Force . . . . . . . . 15 Security and Privacy . . . . . . . . . . . . . . . . . 17
4.10. IETF - The Internet Engineering Task Force . . . . . . . . 17
4.10.1. IETF Security Area . . . . . . . . . . . . . . . . . . 17
4.11. INCITS - InterNational Committee for Information 4.11. INCITS - InterNational Committee for Information
Technology Standards . . . . . . . . . . . . . . . . . . . 15 Technology Standards . . . . . . . . . . . . . . . . . . . 17
4.11.1. INCITS Technical Committee T11 - Fibre Channel 4.11.1. Identification Cards and Related Devices (B10) . . . . 18
Interfaces . . . . . . . . . . . . . . . . . . . . . . 15 4.11.2. Cyber Security (CS1) . . . . . . . . . . . . . . . . . 18
4.11.3. Biometrics (M1) . . . . . . . . . . . . . . . . . . . 18
4.12. ISO - The International Organization for 4.12. ISO - The International Organization for
Standardization . . . . . . . . . . . . . . . . . . . . . 15 Standardization . . . . . . . . . . . . . . . . . . . . . 18
4.13. ITU - International Telecommunication Union . . . . . . . 16 4.13. ITU - International Telecommunication Union . . . . . . . 19
4.13.1. ITU Telecommunication Standardization Sector - 4.13.1. ITU Telecommunication Standardization Sector -
ITU-T . . . . . . . . . . . . . . . . . . . . . . . . 16 ITU-T . . . . . . . . . . . . . . . . . . . . . . . . 19
4.13.2. ITU Radiocommunication Sector - ITU-R . . . . . . . . 16 4.13.2. ITU Radiocommunication Sector - ITU-R . . . . . . . . 20
4.13.3. ITU Telecom Development - ITU-D . . . . . . . . . . . 16 4.13.3. ITU Telecom Development - ITU-D . . . . . . . . . . . 20
4.14. OASIS - Organization for the Advancement of 4.14. OASIS - Organization for the Advancement of
Structured Information Standards . . . . . . . . . . . . . 16 Structured Information Standards . . . . . . . . . . . . . 21
4.15. OIF - Optical Internetworking Forum . . . . . . . . . . . 17 4.15. OIF - Optical Internetworking Forum . . . . . . . . . . . 21
4.15.1. OAM&P Working Group . . . . . . . . . . . . . . . . . 22
4.16. NRIC - The Network Reliability and Interoperability 4.16. NRIC - The Network Reliability and Interoperability
Council . . . . . . . . . . . . . . . . . . . . . . . . . 17 Council . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.17. National Security Telecommunications Advisory 4.17. National Security Telecommunications Advisory
Committee (NSTAC) . . . . . . . . . . . . . . . . . . . . 17 Committee (NSTAC) . . . . . . . . . . . . . . . . . . . . 22
4.18. TIA - The Telecommunications Industry Association . . . . 17 4.18. TIA - The Telecommunications Industry Association . . . . 23
4.19. TTA - Telecommunications Technology Association . . . . . 18 4.18.1. Critical Infrastructure Protection (CIP) and
4.20. The World Wide Web Consortium . . . . . . . . . . . . . . 18 Homeland Security (HS) . . . . . . . . . . . . . . . . 23
4.21. Web Services Interoperability Organization (WS-I) . . . . 18 4.18.2. Commercial Encryption Source Code and Related
5. Security Best Practices Efforts and Documents . . . . . . . . 19 Information . . . . . . . . . . . . . . . . . . . . . 24
5.1. 3GPP - TSG SA WG3 (Security) . . . . . . . . . . . . . . . 19 4.19. TTA - Telecommunications Technology Association . . . . . 24
5.2. 3GPP2 - TSG-S Working Group 4 (Security) . . . . . . . . . 19 4.20. The World Wide Web Consortium . . . . . . . . . . . . . . 24
4.21. TM Forum . . . . . . . . . . . . . . . . . . . . . . . . . 25
4.21.1. Security Management . . . . . . . . . . . . . . . . . 25
5. Security Best Practices Efforts and Documents . . . . . . . . 27
5.1. 3GPP - TSG SA WG3 (Security) . . . . . . . . . . . . . . . 27
5.2. 3GPP2 - TSG-S Working Group 4 (Security) . . . . . . . . . 27
5.3. American National Standard T1.276-2003 - Baseline 5.3. American National Standard T1.276-2003 - Baseline
Security Requirements for the Management Plane . . . . . . 19 Security Requirements for the Management Plane . . . . . . 27
5.4. DMTF - Security Protection and Management (SPAM) 5.4. DMTF - Security Protection and Management (SPAM)
Working Group . . . . . . . . . . . . . . . . . . . . . . 20 Working Group . . . . . . . . . . . . . . . . . . . . . . 28
5.5. DMTF - User and Security Working Group . . . . . . . . . . 20 5.5. DMTF - User and Security Working Group . . . . . . . . . . 28
5.6. ATIS Work-Plan to Achieve Interoperable, 5.6. ATIS Work-Plan to Achieve Interoperable,
Implementable, End-To-End Standards and Solutions . . . . 20 Implementable, End-To-End Standards and Solutions . . . . 28
5.6.1. ATIS Work on Packet Filtering . . . . . . . . . . . . 20 5.6.1. ATIS Work on Packet Filtering . . . . . . . . . . . . 28
5.7. ATIS Work on the NGN . . . . . . . . . . . . . . . . . . . 21 5.7. ATIS Work on the NGN . . . . . . . . . . . . . . . . . . . 29
5.8. Common Criteria . . . . . . . . . . . . . . . . . . . . . 21 5.8. Common Criteria . . . . . . . . . . . . . . . . . . . . . 29
5.9. ETSI . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.9. ETSI . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
5.10. GGF Security Area (SEC) . . . . . . . . . . . . . . . . . 22 5.10. GGF Security Area (SEC) . . . . . . . . . . . . . . . . . 30
5.11. Information System Security Assurance Architecture . . . . 22 5.11. Information System Security Assurance Architecture . . . . 30
5.12. Operational Security Requirements for IP Network 5.12. Operational Security Requirements for IP Network
Infrastructure : Advanced Requirements . . . . . . . . . . 22 Infrastructure : Advanced Requirements . . . . . . . . . . 30
5.13. INCITS CS1 - Cyber Security . . . . . . . . . . . . . . . 23 5.13. ISO Guidelines for the Management of IT Security -
5.14. ISO Guidelines for the Management of IT Security - GMITS . . . . . . . . . . . . . . . . . . . . . . . . . . 31
GMITS . . . . . . . . . . . . . . . . . . . . . . . . . . 23 5.14. ISO JTC 1/SC 27 . . . . . . . . . . . . . . . . . . . . . 32
5.15. ISO JTC 1/SC 27 . . . . . . . . . . . . . . . . . . . . . 24 5.15. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 32
5.16. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 24 5.16. ITU-T Recommendation M.3016 . . . . . . . . . . . . . . . 32
5.17. ITU-T Recommendation M.3016 . . . . . . . . . . . . . . . 25 5.17. ITU-T Recommendation X.805 . . . . . . . . . . . . . . . 33
5.18. ITU-T Recommendation X.805 . . . . . . . . . . . . . . . 25 5.18. ITU-T Study Group 16 . . . . . . . . . . . . . . . . . . . 33
5.19. ITU-T Study Group 16 . . . . . . . . . . . . . . . . . . . 25 5.19. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 33
5.20. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 26 5.20. Catalogue of ITU-T Recommendations related to
5.21. Catalogue of ITU-T Recommendations related to Communications System Security . . . . . . . . . . . . . . 34
Communications System Security . . . . . . . . . . . . . . 26 5.21. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 34
5.22. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 26 5.22. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 34
5.23. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 27 5.23. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 35
5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 27 5.24. OASIS Security Joint Committee . . . . . . . . . . . . . . 35
5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 27 5.25. OASIS Security Services (SAML) TC . . . . . . . . . . . . 35
5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 28 5.26. OIF Implementation Agreements . . . . . . . . . . . . . . 35
5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 28 5.27. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 5.28. WS-I Basic Security Profile . . . . . . . . . . . . . . . 36
5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 29 5.29. NIST Special Publications (800 Series) . . . . . . . . . . 36
5.30. NIST Special Publications (800 Series) . . . . . . . . . . 29 5.30. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 37
5.31. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 29 5.31. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 37
5.32. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 29 5.32. SANS Information Security Reading Room . . . . . . . . . . 37
5.33. SANS Information Security Reading Room . . . . . . . . . . 30 6. Security Considerations . . . . . . . . . . . . . . . . . . . 38
6. Security Considerations . . . . . . . . . . . . . . . . . . . 31 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 40
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 41
9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 34 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 45
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 37
1. Introduction 1. Introduction
The Internet is being recognized as a critical infrastructure similar The Internet is being recognized as a critical infrastructure similar
in nature to the power grid and a potable water supply. Just like in nature to the power grid and a potable water supply. Just like
those infrastructures, means are needed to provide resiliency and those infrastructures, means are needed to provide resiliency and
adaptability to the Internet so that it remains consistently adaptability to the Internet so that it remains consistently
available to the public throughout the world even during times of available to the public throughout the world even during times of
duress or attack. For this reason, many SDOs are developing duress or attack. For this reason, many SDOs are developing
standards with hopes of retaining an acceptable level, or even standards with hopes of retaining an acceptable level, or even
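Review bot: The new table of contents replaces 4.21 "Web Services Interoperability Organization (WS-I)" with "TM Forum", yet Section 5 still lists "5.28. WS-I Basic Security Profile", so that entry no longer has an organization description in Section 4 behind it. Either keep a short WS-I entry in Section 4 or state in 5.28 where the organization is described. The reverse case needs the same check: "4.11.2. Cyber Security (CS1)" is added under INCITS while "5.13. INCITS CS1 - Cyber Security" is dropped from Section 5. If both removals are intended, record them in Section 9 (Changes from Prior Drafts) so readers comparing -14 and -15 can tell deliberate removals from omissions.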
skipping to change at page 11, line 28 skipping to change at page 11, line 28
The 3rd Generation Partnership Project (3GPP) is a collaboration The 3rd Generation Partnership Project (3GPP) is a collaboration
agreement formed in December 1998. The collaboration agreement is agreement formed in December 1998. The collaboration agreement is
comprised of several telecommunications standards bodies which are comprised of several telecommunications standards bodies which are
known as "Organizational Partners". The current Organizational known as "Organizational Partners". The current Organizational
Partners involved with 3GPP are ARIB, CCSA, ETSI, ATIS, TTA, and TTC. Partners involved with 3GPP are ARIB, CCSA, ETSI, ATIS, TTA, and TTC.
4.2. 3GPP2 - Third Generation Partnership Project 2 4.2. 3GPP2 - Third Generation Partnership Project 2
http://www.3gpp2.org/ http://www.3gpp2.org/
Third Generation Partnership Project 2 (3GPP2) is a collaboration The Third Generation Partnership Project 2 (3GPP2) is:
among Organizational Partners much like its sister project 3GPP. The
Organizational Partners (OPs) currently involved with 3GPP2 are ARIB, a collaborative third generation (3G) telecommunications
CCSA, TIA, TTA, and TTC. In addition to the OPs, 3GPP2 also welcomes specifications-setting project
the CDMA Development Group and IPv6 Forum as Market Representation
Partners for market advice. comprising North American and Asian interests developing global
specifications for ANSI/TIA/EIA-41 Cellular Radiotelecommunication
Intersystem Operations network evolution to 3G
and global specifications for the radio transmission technologies
(RTTs) supported by ANSI/TIA/EIA-41.
3GPP2 was born out of the International Telecommunication Union's
(ITU) International Mobile Telecommunications "IMT-2000" initiative,
covering high speed, broadband, and Internet Protocol (IP)-based
mobile systems featuring network-to-network interconnection, feature/
service transparency, global roaming and seamless services
independent of location. IMT-2000 is intended to bring high-quality
mobile multimedia telecommunications to a worldwide mass market by
achieving the goals of increasing the speed and ease of wireless
communications, responding to the problems faced by the increased
demand to pass data via telecommunications, and providing "anytime,
anywhere" services.
4.3. ANSI - The American National Standards Institute 4.3. ANSI - The American National Standards Institute
http://www.ansi.org/ http://www.ansi.org/
ANSI is a private, non-profit organization that organizes and As the voice of the U.S. standards and conformity assessment system,
oversees the U.S. voluntary standardization and conformity assessment the American National Standards Institute (ANSI) empowers its members
system. ANSI was founded October 19, 1918. and constituents to strengthen the U.S. marketplace position in the
global economy while helping to assure the safety and health of
consumers and the protection of the environment.
The Institute oversees the creation, promulgation and use of
thousands of norms and guidelines that directly impact businesses in
nearly every sector: from acoustical devices to construction
equipment, from dairy and livestock production to energy
distribution, and many more. ANSI is also actively engaged in
accrediting programs that assess conformance to standards - including
globally-recognized cross-sector programs such as the ISO 9000
(quality) and ISO 14000 (environmental) management systems.
4.3.1. Accredited Standards Committee X9 (ASC X9) 4.3.1. Accredited Standards Committee X9 (ASC X9)
http://www.x9.org/ http://www.x9.org/
The Accredited Standards Committee X9 (ASC X9) has the mission to The Accredited Standards Committee X9 (ASC X9) has the mission to
develop, establish, maintain, and promote standards for the Financial develop, establish, maintain, and promote standards for the Financial
Services Industry in order to facilitate delivery of financial Services Industry in order to facilitate the delivery of financial
services and products. services and products. Under this mission ASC X9 fulfills the
objectives of: (1) Supporting (maintain, enhance, and promote use of)
existing standards; (2) Facilitating development of new, open
standards based upon consensus; (3) Providing a common source for all
standards affecting the Financial Services Industry; (4) Focusing on
current and future standards needs of the Financial Services
Industry; (5) Promoting use of Financial Services Industry standards;
and (6) Participating and promoting the development of international
standards.
4.4. ATIS - Alliance for Telecommunications Industry Solutions 4.4. ATIS - Alliance for Telecommunications Industry Solutions
http://www.atis.org/ http://www.atis.org/
ATIS is a United States based body that is committed to rapidly ATIS prioritizes the industry's most pressing, technical and
developing and promoting technical and operations standards for the operational issues, and creates interoperable, implementable, end to
communications and related information technologies industry end solutions -- standards when the industry needs them and where
worldwide using pragmatic, flexible and open approach. Committee T1 they need them.
as a group no longer exists as a result of the recent ATIS
reorganization on January 1, 2004. ATIS has restructured the former
T1 technical subcommittees into full ATIS standards committees to
easily identify and promote the nature of standards work each
committee performs. Due to the reorganization, some groups may have
a new mission and scope statement.
4.4.1. ATIS NIPP - Network Interface, Power, and Protection Committee, Over 600 industry professionals from more than 250 communications
formerly T1E1 companies actively participate in ATIS committees and incubator
solutions programs.
http://www.atis.org/0050/index.asp ATIS develops standards and solutions addressing a wide range of
industry issues in a manner that allocates and coordinates industry
resources and produces the greatest return for communications
companies.
ATIS Network Interface, Power, and Protection Committee develops and ATIS creates solutions that support the rollout of new products and
recommends standards and technical reports related to power systems, services into the information, entertainment and communications
electrical and physical protection for the exchange and interexchange marketplace. Its activities provide the basis for the industry's
carrier networks, and interfaces associated with user access to delivery of:
telecommunications networks.
4.4.2. ATIS NPRQ - Network Performance, Reliability, and Quality of Existing and next generation IP-based infrastructures;
Service Committee, formerly T1A1
http://www.atis.org/0010/index.asp Reliable converged multimedia services, including IPTV;
ATIS Network Performance, Reliability and Quality of Service Enhanced Operations Support Systems and Business Support Systems;
Committee develops and recommends standards, requirements, and and
technical reports related to the performance, reliability, and
associated security aspects of communications networks, as well as
the processing of voice, audio, data, image, and video signals, and
their multimedia integration.
4.4.3. ATIS OBF - Ordering and Billing Forum, formerly regarding T1M1 Greater levels of service quality and performance.
O&B
http://www.atis.org/obf/index.asp ATIS is accredited by the American National Standards Institute
(ANSI).
The T1M1 O&B subcommittee has become part of the ATIS Ordering and 4.4.1. ATIS NPRQ - Network Performance, Reliability, and Quality of
Billing Forum. Service Committee, formerly T1A1
The ATIS-sponsored Ordering and Billing Forum (OBF) provides a forum http://www.atis.org/0010/index.asp
for customers and providers in the telecommunications industry to
identify, discuss and resolve national issues which affect ordering,
billing, provisioning and exchange of information about access
services, other connectivity and related matters.
4.4.4. ATIS OPTXS - Optical Transport and Synchronization Committee, PRQC develops and recommends standards,requirements, and technical
formerly T1X1 reports related to the performance,reliability, and associated
security aspects of communications networks, as well as the
processing of voice, audio, data, image,and video signals, and their
multimedia integration. PRQC alsodevelops andrecommends positions
on, and foster consistency with, standards and related subjects under
consideration in other North American and international standards
bodies.
http://www.atis.org/0240/index.asp PRQC Focus Areas are:
ATIS Optical Transport and Synchronization Committee develops and Performance and Reliability of Networks (e.g. IP, ATM, OTN, and
recommends standards and prepares technical reports related to PSTN), and Services (e.g. Frame Relay, Dedicated and Switched
telecommunications network technology pertaining to network Data),
synchronization interfaces and hierarchical structures including
optical technology.
4.4.5. ATIS TMOC - Telecom Management and Operations Committee, Security-related aspects,
Emergency communications-related aspects,
Coding (e.g. video and speech), at and between carrier-to-carrier
and carrier-to-customer interfaces, with due consideration of end-
user applications.
4.4.2. ATIS TMOC - Telecom Management and Operations Committee,
formerly T1M1 OAM&P formerly T1M1 OAM&P
http://www.atis.org/0130/index.asp http://www.atis.org/0130/index.asp
ATIS Telecom Management and Operations Committee develops The Telecom Management and Operations Committee (TMOC) develops
internetwork operations, administration, maintenance and provisioning operations, administration, maintenance and provisioning standards,
standards, and technical reports related to interfaces for and other documentation related to Operations Support System (OSS)
telecommunications networks. and Network Element (NE) functions and interfaces for communications
networks - with an emphasis on standards development related to
U.S.A. communication networks in coordination with the development of
international standards.
4.4.6. ATIS WTSC - Wireless Technologies and Systems Committee, The scope of the work in TMOC includes the development of standards
formerly T1P1 and other documentation for communications network operations and
management areas, such as: Configuration Management, Performance
Management (including in-service transport performance management),
Fault Management, Security Management (including management plane
security), Accounting Management, Coding/Language Data
Representation, Common/Underlying Management Functionality/
Technology, and Ancillary Functions (such as network tones and
announcements). This work requires close and coordinated working
relationships with other domestic and international standards
development organizations and industry forums.
http://www.atis.org/0160/index.asp 4.5. CC - Common Criteria
ATIS Wireless Technologies and Systems Committee develops and http://www.commoncriteriaportal.org/
recommends standards and technical reports related to wireless and/or
mobile services and systems, including service descriptions and
wireless technologies.
4.4.7. ATIS PTSC - Packet Technologies and Systems Committee, formerly Common Criteria is a framework in which computer system users can
T1S1 specify their security functional and assurance requirements, vendors
can then implement and/or make claims about the security attributes
of their products, and testing laboratories can evaluate the products
to determine if they actually meet the claims. In other words,
Common Criteria provides assurance that the process of specification,
implementation and evaluation of a computer security product has been
conducted in a rigorous and standard manner. [attribute wikipedia]
http://www.atis.org/0191/index.asp 4.6. DMTF - Distributed Management Task Force, Inc.
T1S1 was split into two separate ATIS committees: the ATIS Packet http://www.dmtf.org/
Technologies and Systems Committee and the ATIS Protocol Interworking
Committee. PTSC is responsible for producing standards to secure
signalling.
The basic document is PTSC-SEC-2005-059.doc which is in Letter Ballot DMTF enables more effective management of millions of IT systems
at this time. It is expected to move to an ANSI standard. worldwide by bringing the IT industry together to collaborate on the
development, validation and promotion of systems management
standards. DMTF management standards are critical to enabling
management interoperability among multi-vendor systems, tools and
solutions within the enterprise. We are committed to protecting
companies' IT investments by creating standards that promote multi-
vendor interoperability. Our dedication to fostering collaboration
within the industry provides a win-win situation for vendors and IT
personnel alike.
4.4.8. ATIS Protocol Interworking Committee, regarding T1S1 4.7. ETSI - The European Telecommunications Standard Institute
T1S1 was split into two separate ATIS committees: the ATIS Packet http://www.etsi.org/
Technologies and Systems Committee and the ATIS Protocol Interworking
Committee. As a result of the reorganization of T1S1, these groups
will also probably have a new mission and scope.
4.5. CC - Common Criteria The European Telecommunications Standards Institute (ETSI) produces
globally-applicable standards for Information and Communications
Technologies (ICT), including fixed, mobile, radio, converged,
broadcast and internet technologies.
http://www.commoncriteriaportal.org/ ETSI is officially recognized by the European Union as a European
Standards Organization.
In June 1993, the sponsoring organizations of the existing US, 4.7.1. ETSI SEC
Canadian, and European criterias (TCSEC, ITSEC, and similar) started
the Common Criteria Project to align their separate criteria into a
single set of IT security criteria.
4.6. DMTF - Distributed Management Task Force, Inc. http://portal.etsi.org/portal/server.pt/gateway/
PTARGS_0_13938_491_312_425_43/tb/closed_tb/sec.asp
http://www.dmtf.org/ Board#38 confirmed the closure of TC SEC.
Founded in 1992, the DMTF brings the technology industry's customers At the same time it approved the creation of an OCG Ad Hoc group OCG
and top vendors together in a collaborative, working group approach Security
that involves DMTF members in all aspects of specification
development and refinement.
4.7. ETSI - The European Telecommunications Standard Institute TC SEC documents can be found in the SEC archive
http://www.etsi.org/ The SEC Working groups (ESI and LI) were closed and TC ESI and a TC
LI were created to continue the work.
ETSI is an independent, non-profit organization which produces All documents and information relevant to ESI and LI are available
telecommunications standards. ETSI is based in Sophia-Antipolis in from the TC ESI and TC LI sites
the south of France and maintains a membership from 55 countries.
Joint work between ETSI and ITU-T SG-17 4.7.2. ETSI OCG SEC
http://www.tta.or.kr/gsc/upload/ http://portal.etsi.org/ocgsecurity/OCG_security_ToR.asp
GSC9_Joint_011_Security_Standardization_in_ITU.ppt
The group's primary role is to provide a light-weight horizontal co-
ordination structure for security issues that will ensure this work
is seriously considered in each ETSI TB and that any duplicate or
conflicting work is detected. To achieve this aim the group should
mainly conduct its work via email and, where appropriate, co-sited
"joint security" technical working meetings.
When scheduled, appropriate time at each "joint SEC" meeting should
be allocated during the meetings to allow for:
Individual committee activities as well as common work;
Coordination between the committees; and
Experts to contribute to more than one committee.
4.8. GGF - Global Grid Forum 4.8. GGF - Global Grid Forum
http://www.gridforum.org/ http://www.gridforum.org/
The Global Grid Forum (GGF) is a community-initiated forum of The Global Grid Forum (GGF) is a community-initiated forum of
thousands of individuals from industry and research leading the thousands of individuals from industry and research leading the
global standardization effort for grid computing. GGF's primary global standardization effort for grid computing. GGF's primary
objectives are to promote and support the development, deployment, objectives are to promote and support the development, deployment,
and implementation of grid technologies and applications via the and implementation of grid technologies and applications via the
creation and documentation of "best practices" - technical creation and documentation of "best practices" - technical
specifications, user experiences, and implementation guidelines. specifications, user experiences, and implementation guidelines.
4.8.1. Global Grid Forum Security Area
http://www.ogf.org/gf/group_info/areasgroups.php?area_id=7
The Security Area is concerned with technical and operational
security issues in Grid environments, including authentication,
authorization, privacy, confidentiality, auditing, firewalls, trust
establishment, policy establishment, and dynamics, scalability and
management aspects of all of the above.
The Security Area is comprised of the following Working Groups and
Research Groups.
Certificate Authority Operations WG (CAOPS-WG)
Firewall Issues RG (FI-RG)
Levels Of Authentication Assurance Research Group (LOA-RG)
OGSA Authorization WG (OGSA-AUTHZ-WG)
4.9. IEEE - The Institute of Electrical and Electronics Engineers, Inc. 4.9. IEEE - The Institute of Electrical and Electronics Engineers, Inc.
http://www.ieee.org/ http://www.ieee.org/
IEEE is a non-profit, professional association of more than 360,000 IEEE is the world's largest professional association dedicated to
individual members in approximately 175 countries. The IEEE produces advancing technological innovation and excellence for the benefit of
30 percent of the world's published literature in electrical humanity. IEEE and its members inspire a global community through
engineering, computers, and control technology through its technical IEEE's highly cited publications, conferences, technology standards,
publishing, conferences, and consensus-based standards activities. and professional and educational activities.
4.9.1. IEEE Computer Society's Technical Committee on Security and
Privacy
http://www.ieee-security.org/
4.10. IETF - The Internet Engineering Task Force 4.10. IETF - The Internet Engineering Task Force
http://www.ietf.org/ http://www.ietf.org/
IETF is a large, international community open to any interested The goal of the IETF is to make the Internet work better.
individual concerned with the evolution of the Internet architecture
and the smooth operation of the Internet. The mission of the IETF is to make the Internet work better by
producing high quality, relevant technical documents that influence
the way people design, use, and manage the Internet.
4.10.1. IETF Security Area
The Working Groups in the Security Area may be found from this page.
http://datatracker.ietf.org/wg/
The wiki page for the IETF Security Area may be found here.
http://trac.tools.ietf.org/area/sec/trac/wiki
4.11. INCITS - InterNational Committee for Information Technology 4.11. INCITS - InterNational Committee for Information Technology
Standards Standards
http://www.incits.org/ http://www.incits.org/
INCITS focuses upon standardization in the field of Information and INCITS is the primary U.S. focus of standardization in the field of
Communications Technologies (ICT), encompassing storage, processing, Information and Communications Technologies (ICT), encompassing
transfer, display, management, organization, and retrieval of storage, processing, transfer, display, management, organization, and
information. retrieval of information. As such, INCITS also serves as ANSI's
Technical Advisory Group for ISO/IEC Joint Technical Committee 1.
JTC 1 is responsible for International standardization in the field
of Information Technology.
4.11.1. INCITS Technical Committee T11 - Fibre Channel Interfaces There are three active Groups in the Security / ID Technical
Committee.
http://www.t11.org/index.htm 4.11.1. Identification Cards and Related Devices (B10)
T11 is responsible for standards development in the areas of http://standards.incits.org/a/public/group/b10
Intelligent Peripheral Interface (IPI), High-Performance Parallel
Interface (HIPPI) and Fibre Channel (FC). T11 has a project called
FC-SP to define Security Protocols for Fibre Channel.
FC-SP Project Proposal: Development of national and international standards in the area of
ftp://ftp.t11.org/t11/admin/project_proposals/02-036v2.pdf identification cards and related devices for use in inter-industry
applications and international interchange.
4.11.2. Cyber Security (CS1)
http://standards.incits.org/a/public/group/cs1
INCITS/CS1 was established in April 2005 to serve as the US TAG for
ISO/IEC JTC 1/SC 27 and all SC 27 Working Groups.
The scope of CS1 explicitly excludes the areas of work on cyber
security standardization presently underway in INCITS B10, M1, T3,
T10 and T11; as well as other standard groups, such as ATIS, IEEE,
IETF, TIA, and X9.
4.11.3. Biometrics (M1)
http://standards.incits.org/a/public/group/m1
INCITS/M1, Biometrics Technical Committee was established by the
Executive Board of INCITS in November 2001 to ensure a high priority,
focused, and comprehensive approach in the United States for the
rapid development and approval of formal national and international
generic biometric standards. The M1 program of work includes
biometric standards for data interchange formats, common file
formats, application program interfaces, profiles, and performance
testing and reporting. The goal of M1's work is to accelerate the
deployment of significantly better, standards-based security
solutions for purposes, such as, homeland defense and the prevention
of identity theft as well as other government and commercial
applications based on biometric personal authentication.
4.12. ISO - The International Organization for Standardization 4.12. ISO - The International Organization for Standardization
http://www.iso.org/ http://www.iso.org/
ISO is a network of the national standards institutes of 148 SO (International Organization for Standardization) is the world's
countries, on the basis of one member per country, with a Central largest developer and publisher of International Standards.
Secretariat in Geneva, Switzerland, that coordinates the system. ISO
officially began operations on February 23, 1947. ISO is a network of the national standards institutes of 160
countries, one member per country, with a Central Secretariat in
Geneva, Switzerland, that coordinates the system.
ISO is a non-governmental organization that forms a bridge between
the public and private sectors. On the one hand, many of its member
institutes are part of the governmental structure of their countries,
or are mandated by their government. On the other hand, other
members have their roots uniquely in the private sector, having been
set up by national partnerships of industry associations.
Therefore, ISO enables a consensus to be reached on solutions that
meet both the requirements of business and the broader needs of
society.
4.13. ITU - International Telecommunication Union 4.13. ITU - International Telecommunication Union
http://www.itu.int/ http://www.itu.int/
The ITU is an international organization within the United Nations ITU is the leading United Nations agency for information and
System headquartered in Geneva, Switzerland. The ITU is comprised of communication technology issues, and the global focal point for
three sectors: governments and the private sector in developing networks and
services. For 145 years, ITU has coordinated the shared global use
of the radio spectrum, promoted international cooperation in
assigning satellite orbits, worked to improve telecommunication
infrastructure in the developing world, established the worldwide
standards that foster seamless interconnection of a vast range of
communications systems and addressed the global challenges of our
times, such as mitigating climate change and strengthening
cybersecurity.
ITU also organizes worldwide and regional exhibitions and forums,
such as ITU TELECOM WORLD, bringing together the most influential
representatives of government and the telecommunications and ICT
industry to exchange ideas, knowledge and technology for the benefit
of the global community, and in particular the developing world.
From broadband Internet to latest-generation wireless technologies,
from aeronautical and maritime navigation to radio astronomy and
satellite-based meteorology, from convergence in fixed-mobile phone,
Internet access, data, voice and TV broadcasting to next-generation
networks, ITU is committed to connecting the world.
The ITU is comprised of three sectors:
4.13.1. ITU Telecommunication Standardization Sector - ITU-T 4.13.1. ITU Telecommunication Standardization Sector - ITU-T
http://www.itu.int/ITU-T/ http://www.itu.int/ITU-T/
ITU-T's mission is to ensure an efficient and on-time production of ITU-T Recommendations are defining elements in information and
high quality standards covering all fields of telecommunications. communication technologies (ICTs) infrastructure. Whether we
exchange voice, data or video messages, communications cannot take
place without standards linking the sender and the receiver. Today's
work extends well beyond the traditional areas of telephony to
encompass a far wider range of information and communications
technologies.
4.13.2. ITU Radiocommunication Sector - ITU-R 4.13.2. ITU Radiocommunication Sector - ITU-R
http://www.itu.int/ITU-R/ http://www.itu.int/ITU-R/
The ITU-R plays a vital role in the management of the radio-frequency The ITU Radiocommunication Sector (ITU-R) plays a vital role in the
spectrum and satellite orbits. global management of the radio-frequency spectrum and satellite
orbits - limited natural resources which are increasingly in demand
from a large and growing number of services such as fixed, mobile,
broadcasting, amateur, space research, emergency telecommunications,
meteorology, global positioning systems, environmental monitoring and
communication services - that ensure safety of life on land, at sea
and in the skies.
4.13.3. ITU Telecom Development - ITU-D 4.13.3. ITU Telecom Development - ITU-D
(also referred as ITU Telecommunication Development Bureau - BDT) (also referred as ITU Telecommunication Development Bureau - BDT)
http://www.itu.int/ITU-D/ http://www.itu.int/ITU-D/
The Telecommunication Development Bureau (BDT) is the executive arm The mission of the Telecommunication Development Sector (ITU-D) aims
of the Telecommunication Development Sector. Its duties and at achieving the Sector's objectives based on the right to
responsibilities cover a variety of functions ranging from programme communicate of all inhabitants of the planet through access to
supervision and technical advice to the collection, processing and infrastructure and information and communication services.
publication of information relevant to telecommunication development.
In this regard, the mission is to:
Assist countries in the field of information and communication
technologies (ICTs), in facilitating the mobilization of
technical, human and financial resources needed for their
implementation, as well as in promoting access to ICTs.
Promote the extension of the benefits of ICTs to all the world's
inhabitants.
Promote and participate in actions that contribute towards
narrowing the digital divide.
Develop and manage programmes that facilitate information flow
geared to the needs of developing countries.
The mission encompasses ITU's dual responsibility as a United
Nations specialized agency and an executing agency for
implementing projects under the United Nations development system
or other funding arrangements.
4.14. OASIS - Organization for the Advancement of Structured 4.14. OASIS - Organization for the Advancement of Structured
Information Standards Information Standards
http://www.oasis-open.org/ http://www.oasis-open.org/
OASIS is a not-for-profit, international consortium that drives the OASIS (Organization for the Advancement of Structured Information
development, convergence, and adoption of e-business standards. Standards) is a not-for-profit consortium that drives the
development, convergence and adoption of open standards for the
global information society. The consortium produces more Web
services standards than any other organization along with standards
for security, e-business, and standardization efforts in the public
sector and for application-specific markets. Founded in 1993, OASIS
has more than 5,000 participants representing over 600 organizations
and individual members in 100 countries.
OASIS is distinguished by its transparent governance and operating
procedures. Members themselves set the OASIS technical agenda, using
a lightweight process expressly designed to promote industry
consensus and unite disparate efforts. Completed work is ratified by
open ballot. Governance is accountable and unrestricted. Officers
of both the OASIS Board of Directors and Technical Advisory Board are
chosen by democratic election to serve two-year terms. Consortium
leadership is based on individual merit and is not tied to financial
contribution, corporate standing, or special appointment.
OASIS has several Technical Committees in the Security Category.
http://www.oasis-open.org/committees/tc_cat.php?cat=security
4.15. OIF - Optical Internetworking Forum 4.15. OIF - Optical Internetworking Forum
http://www.oiforum.com/ http://www.oiforum.com/
On April 20, 1998 Cisco Systems and Ciena Corporation announced an "The Optical Internetworking Forum (OIF) promotes the development and
industry-wide initiative to create the Optical Internetworking Forum, deployment of interoperable networking solutions and services through
an open forum focused on accelerating the deployment of optical the creation of Implementation Agreements (IAs) for optical
internetworks. networking products, network processing elements, and component
technologies. Implementation agreements will be based on
requirements developed cooperatively by end-users, service providers,
equipment vendors and technology providers, and aligned with
worldwide standards, augmented if necessary. This is accomplished
through industry member participation working together to develop
specifications (IAs) for:
External network element interfaces
Software interfaces internal to network elements
Hardware component interfaces internal to network elements
The OIF will create Benchmarks, perform worldwide interoperability
testing, build market awareness and promote education for
technologies, services and solutions. The OIF will provide feedback
to worldwide standards organizations to help achieve a set of
implementable, interoperable solutions."
4.15.1. OAM&P Working Group
http://www.oiforum.com/public/oamp.html
In concert with the Carrier, Architecture & Signaling and other OIF
working groups, the Operations, Administration, Maintenance, &
Provisioning (OAM&P) working group develops architectures,
requirements, guidelines, and implementation agreements critical to
widespread deployment of interoperable optical networks by carriers.
The scope includes but is not limited to a) planning, engineering and
provisioning of network resources; b) operations, maintenance or
administration use cases and processes; and c) management
functionality and interfaces for operations support systems and
interoperable network equipment. Within its scope are Fault,
Configuration, Accounting, Performance and Security Management
(FCAPS) and Security. The OAM&P working group will also account for
work by related standards development organizations (SDOs), identify
gaps and formulate OIF input to other SDOs as may be appropriate.
4.16. NRIC - The Network Reliability and Interoperability Council 4.16. NRIC - The Network Reliability and Interoperability Council
http://www.nric.org/ http://www.nric.org/
The purposes of the Committee are to give telecommunications industry The mission of the NRIC is partner with the Federal Communications
leaders the opportunity to provide recommendations to the FCC and to Commission, the communications industry and public safety to
the industry that assure optimal reliability and interoperability of facilitate enhancement of emergency communications networks, homeland
telecommunications networks. The Committee addresses topics in the security, and best practices across the burgeoning telecommunications
area of Homeland Security, reliability, interoperability, and industry.
broadband deployment.
It appears that the last NRIC Council concluded in 2005.
4.17. National Security Telecommunications Advisory Committee (NSTAC) 4.17. National Security Telecommunications Advisory Committee (NSTAC)
http://www.ncs.gov/nstac/nstac.html http://www.ncs.gov/nstac/nstac.html
President Ronald Reagan created the National Security President Ronald Reagan created the National Security
Telecommunications Advisory Committee (NSTAC) by Executive Order Telecommunications Advisory Committee (NSTAC) by Executive Order
12382 in September 1982. Since then, the NSTAC has served four 12382 in September 1982. Composed of up to 30 industry chief
presidents. Composed of up to 30 industry chief executives executives representing the major communications and network service
representing the major communications and network service providers providers and information technology, finance, and aerospace
and information technology, finance, and aerospace companies, the companies, the NSTAC provides industry-based advice and expertise to
NSTAC provides industry-based advice and expertise to the President the President on issues and problems related to implementing national
on issues and problems related to implementing national security and security and emergency preparedness (NS/EP) communications policy.
emergency preparedness (NS/EP) communications policy. Since its Since its inception, the NSTAC has addressed a wide range of policy
inception, the NSTAC has addressed a wide range of policy and and technical issues regarding communications, information systems,
technical issues regarding communications, information systems,
information assurance, critical infrastructure protection, and other information assurance, critical infrastructure protection, and other
NS/EP communications concerns. NS/EP communications concerns.
The mission of the NSTAC: Meeting our Nation's critical national
security and emergency preparedness (NS/EP) challenges demands
attention to many issues. Among these, none could be more important
than the availability and reliability of telecommunication services.
The President's National Security Telecommunications Advisory
Committee (NSTAC) mission is to provide the U.S. Government the best
possible industry advice in these areas.
4.18. TIA - The Telecommunications Industry Association 4.18. TIA - The Telecommunications Industry Association
http://www.tiaonline.org/ http://www.tiaonline.org/
TIA is accredited by ANSI to develop voluntary industry standards for The Telecommunications Industry Association (TIA) is the leading
a wide variety of telecommunications products. TIA's Standards and trade association representing the global information and
Technology Department is composed of five divisions: Fiber Optics, communications technology (ICT) industries through standards
User Premises Equipment, Network Equipment, Wireless Communications development, government affairs, business opportunities, market
and Satellite Communications. intelligence, certification and world-wide environmental regulatory
compliance. With support from its 600 members, TIA enhances the
business environment for companies involved in telecommunications,
broadband, mobile wireless, information technology, networks, cable,
satellite, unified communications, emergency communications and the
greening of technology. TIA is accredited by ANSI.
4.18.1. Critical Infrastructure Protection (CIP) and Homeland Security
(HS)
http://www.tiaonline.org/standards/technology/ciphs/
This TIA webpage identifies and links to many standards, other
technical documents and ongoing activity involving or supporting
TIA's role in Public Safety and Homeland Security, Network Security,
Critical Infrastructure Protection and Assurance, National Security/
Emergency Preparedness, Emergency Communications Services, Emergency
Calling and Location Identification Services, and the Needs of First
Responders. For the purpose of this webpage, national/international
terms relating to public safety and disaster response can be
considered synonymous (and interchangeable) with terms relating to
public protection and disaster relief.
4.18.2. Commercial Encryption Source Code and Related Information
http://www.tiaonline.org/standards/technology/ahag/index.cfm
This section seems to link to commercial encryption source code.
Access requires agreement to terms and conditions and then
registration.
4.19. TTA - Telecommunications Technology Association 4.19. TTA - Telecommunications Technology Association
http://www.tta.or.kr/Home2003/main/index.jsp http://www.tta.or.kr/ http://www.tta.or.kr/English/index.jsp
http://www.tta.or.kr/English/new/main/index.htm (English) (English)
TTA (Telecommunications Technology Association) is a IT standards The purpose of TTA is to contribute to the advancement of technology
organization that develops new standards and provides one-stop and the promotion of information and telecommunications services and
services for the establishment of IT standards as well as providing industry as well as the development of national economy, by
testing and certification for IT products. effectively stablishing and providing technical standards that
reflect the latest domestic and international technological advances,
needed for the planning, design and operation of global end-to-end
telecommunications and related information services, in close
collaboration with companies, organizations and groups concerned with
information and telecommunications such as network operators, service
providers, equipment manufacturers, academia, R&D institutes, etc.
4.20. The World Wide Web Consortium 4.20. The World Wide Web Consortium
http://www.w3.org/Consortium/ http://www.w3.org/Consortium/
The World Wide Web Consortium (W3C) is an international consortium The World Wide Web Consortium (W3C) is an international community
where Member organizations, a full-time staff, and the public work where Member organizations, a full-time staff, and the public work
together to develop Web standards. W3C's mission is: To lead the together to develop Web standards. Led by Web inventor Tim Berners-
World Wide Web to its full potential by developing protocols and Lee and CEO Jeffrey Jaffe, W3C's mission is to lead the Web to its
guidelines that ensure long-term growth for the Web. full potential.
The security work within the W3C
http://www.w3.org/Security/Activity http://www.w3.org/Security/Activity
4.21. Web Services Interoperability Organization (WS-I) The work in the W3C Security Activity currently comprises two Working
Groups, the Web Security Context Working Group and the XML Security
Working Group.
http://www.ws-i.org/ The Web Security Context Working Group focuses on the challenges that
arise when users encounter currently deployed security technology,
such as TLS: While this technology achieves its goals on a technical
level, attackers' strategies shift towards bypassing the security
technology instead of breaking it. When users do not understand the
security context in which they operate, then it becomes easy to
deceive and defraud them. This Working Group is planning to see its
main deliverable, the User Interface Guidelines, through to
Recommendation, but will not engage in additional recommendation
track work beyond this deliverable. The Working Group is currently
operating at reduced Team effort (compared to the initial effort
reserved to this Working Group). Initial (and informal)
conversations about forming an Interest Group that could serve as a
place for community-building and specification review have not led as
far as we had hoped at the previous Advisory Committee Meeting, but
are still on the Team's agenda.
WS-I is an open, industry organization chartered to promote Web The XML Security Working Group started up in summer 2008, and has
services interoperability across platforms, operating systems, and decided to publish an interim set of 1.1 specifications as it works
programming languages. The organization works across the industry towards producing a more radical change to XML Signature. The XML
and standards organizations to respond to customer needs by providing Signature 1.1 and XML Encryption 1.1 specifications clarify and
guidance, best practices, and resources for developing Web services enhance the previous specifications without introducing breaking
solutions. changes, although they do introduce new algorithms.
4.21. TM Forum
http://www.tmforum.org/
With more than 700 corporate members in 195 countries, TM Forum is
the world's leading industry association focused on enabling best-in-
class IT for service providers in the communications, media and cloud
service markets. The Forum provides business-critical industry
standards and expertise to enable the creation, delivery and
monetization of digital services.
TM Forum brings together the world's largest communications,
technology and media companies, providing an innovative, industry-
leading approach to collaborative R&D, along with wide range of
support services including benchmarking, training and certification.
The Forum produces the renowned international Management World
conference series, as well as thought-leading industry research and
publications.
4.21.1. Security Management
http://www.tmforum.org/SecurityManagement/9152/home.html
Securing networks, cyber, clouds, and identity against evolving and
ever present threats has emerged as a top priority for TM Forum
members. In response, the TM Forum's Security Management Initiative
was formally launched in 2009. While some of our Security Management
efforts, such as Identity Management, are well established and boast
mature Business Agreements and Interfaces, a series of presentations,
contributions, and multi-vendor technology demonstrations have jumped
started work efforts on industry hot topics Network Defense, Cyber
Security, and security for single and multi-regional enterprise
application cloud bursting. Our aim is to produce Security
Management rich frameworks, best practices, and guidebooks.
5. Security Best Practices Efforts and Documents 5. Security Best Practices Efforts and Documents
This section lists the works produced by the SDOs. This section lists the works produced by the SDOs.
5.1. 3GPP - TSG SA WG3 (Security) 5.1. 3GPP - TSG SA WG3 (Security)
http://www.3gpp.org/TB/SA/SA3/SA3.htm http://www.3gpp.org/TB/SA/SA3/SA3.htm
TSG SA WG3 Security is responsible for the security of the 3GPP TSG SA WG3 Security is responsible for the security of the 3GPP
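Review bot: The new right-hand text introduces several typos that should be fixed before the next revision. In 4.12 the paragraph opens "SO (International Organization for Standardization)" with the leading "I" dropped; in 4.16 "The mission of the NRIC is partner with" is missing "to"; in 4.19 "stablishing" should be "establishing"; and in 4.21.1 "have jumped started work efforts" should read "have jump-started". Separately, 4.13 now says "For 145 years" and 4.12 changes the member count from 148 to 160 countries. Since this draft is a snapshot, consider tying such figures to a date so they do not go stale between revisions.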
skipping to change at page 23, line 10 skipping to change at page 31, line 10
and switches). A framework is defined for specifying "profiles", and switches). A framework is defined for specifying "profiles",
which are collections of requirements applicable to certain network which are collections of requirements applicable to certain network
topology contexts (all, core-only, edge-only...). The goal is to topology contexts (all, core-only, edge-only...). The goal is to
provide network operators a clear, concise way of communicating their provide network operators a clear, concise way of communicating their
security requirements to vendors. security requirements to vendors.
Documents: Documents:
ftp://ftp.rfc-editor.org/in-notes/rfc3871.txt ftp://ftp.rfc-editor.org/in-notes/rfc3871.txt
5.13. INCITS CS1 - Cyber Security 5.13. ISO Guidelines for the Management of IT Security - GMITS
http://cs1.incits.org/
INCITS/CS1 was established in April 2005 to serve as the US TAG for
ISO/IEC JTC 1/SC 27 and all SC 27 Working Groups except WG 2
(INCITS/T4 serves as the US TAG to SC 27/WG 2).
The scope of CS1 explicitly excludes the areas of work on cyber
security standardization presently underway in INCITS B10, M1 and T3;
as well as other standard groups, such as ATIS, IEEE, IETF, TIA, and
X9. INCITS T4's area of work would be narrowed to cryptography
projects in ISO/IEC JTC 1/SC 27 WG 2 (Security techniques and
mechanisms).
5.14. ISO Guidelines for the Management of IT Security - GMITS
Guidelines for the Management of IT Security -- Part 1: Concepts and Guidelines for the Management of IT Security -- Part 1: Concepts and
models for IT Security models for IT Security
http://www.iso.ch/iso/en/ http://www.iso.ch/iso/en/
CatalogueDetailPage.CatalogueDetail?CSNUMBER=21733&ICS1=35 CatalogueDetailPage.CatalogueDetail?CSNUMBER=21733&ICS1=35
Guidelines for the Management of IT Security -- Part 2: Managing and Guidelines for the Management of IT Security -- Part 2: Managing and
planning IT Security planning IT Security
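Review bot: Removing the old 5.13 drops the statement that CS1 is the US TAG for all SC 27 Working Groups "except WG 2 (INCITS/T4 serves as the US TAG to SC 27/WG 2)". The replacement text in 4.11.2 says "all SC 27 Working Groups" with no exception, and adds T10 and T11 to the excluded INCITS groups while no longer mentioning T4. Please confirm that the WG 2 exception no longer applies; if T4 still holds that role, restate it in 4.11.2 so the scope of CS1 is not overstated.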
skipping to change at page 24, line 19 skipping to change at page 32, line 5
http://www.iso.org/iso/en/ http://www.iso.org/iso/en/
CatalogueDetailPage.CatalogueDetail?CSNUMBER=31142&ICS1=35&ICS2=40& CatalogueDetailPage.CatalogueDetail?CSNUMBER=31142&ICS1=35&ICS2=40&
ICS3= ICS3=
Open Systems Interconnection -- Network layer security protocol Open Systems Interconnection -- Network layer security protocol
http://www.iso.org/iso/en/ http://www.iso.org/iso/en/
CatalogueDetailPage.CatalogueDetail?CSNUMBER=22084&ICS1=35&ICS2=100& CatalogueDetailPage.CatalogueDetail?CSNUMBER=22084&ICS1=35&ICS2=100&
ICS3=30 ICS3=30
5.15. ISO JTC 1/SC 27 5.14. ISO JTC 1/SC 27
http://www.iso.ch/iso/en/stdsdevelopment/techprog/workprog/ http://www.iso.ch/iso/en/stdsdevelopment/techprog/workprog/
TechnicalProgrammeSCDetailPage.TechnicalProgrammeSCDetail?COMMID=143 TechnicalProgrammeSCDetailPage.TechnicalProgrammeSCDetail?COMMID=143
Several security related ISO projects under JTC 1/SC 27 are listed Several security related ISO projects under JTC 1/SC 27 are listed
here such as: here such as:
IT security techniques -- Entity authentication IT security techniques -- Entity authentication
Security techniques -- Key management Security techniques -- Key management
skipping to change at page 24, line 46 skipping to change at page 32, line 32
security management security management
Security techniques -- IT network security Security techniques -- IT network security
Guidelines for the implementation, operation and management of Guidelines for the implementation, operation and management of
Intrusion Detection Systems (IDS) Intrusion Detection Systems (IDS)
International Security, Trust, and Privacy Alliance -- Privacy International Security, Trust, and Privacy Alliance -- Privacy
Framework Framework
5.16. ITU-T Study Group 2 5.15. ITU-T Study Group 2
http://www.itu.int/ITU-T/studygroups/com02/index.asp http://www.itu.int/ITU-T/studygroups/com02/index.asp
Security related recommendations currently under study: Security related recommendations currently under study:
E.408 Telecommunication networks security requirements Q.5/2 (was E.408 Telecommunication networks security requirements Q.5/2 (was
E.sec1) E.sec1)
E.409 Incident Organisation and Security Incident Handling Q.5/2 E.409 Incident Organisation and Security Incident Handling Q.5/2
(was E.sec2) (was E.sec2)
Note: Access requires TIES account. Note: Access requires TIES account.
5.17. ITU-T Recommendation M.3016 5.16. ITU-T Recommendation M.3016
http://www.itu.int/itudoc/itu-t/com4/contr/068.html http://www.itu.int/itudoc/itu-t/com4/contr/068.html
This recommendation provides an overview and framework that This recommendation provides an overview and framework that
identifies the security requirements of a TMN and outlines how identifies the security requirements of a TMN and outlines how
available security services and mechanisms can be applied within the available security services and mechanisms can be applied within the
context of the TMN functional architecture. context of the TMN functional architecture.
Question 18 of Study Group 3 is revising Recommendation M.3016. They Question 18 of Study Group 3 is revising Recommendation M.3016. They
have taken the original document and are incorporating thoughts from have taken the original document and are incorporating thoughts from
skipping to change at page 25, line 37 skipping to change at page 33, line 21
M.3016.0 - Overview M.3016.0 - Overview
M.3016.1 - Requirements M.3016.1 - Requirements
M.3016.2 - Services M.3016.2 - Services
M.3016.3 - Mechanisms M.3016.3 - Mechanisms
M.3016.4 - Profiles M.3016.4 - Profiles
5.18. ITU-T Recommendation X.805 5.17. ITU-T Recommendation X.805
http://www.itu.int/itudoc/itu-t/aap/sg17aap/history/x805/x805.html http://www.itu.int/itudoc/itu-t/aap/sg17aap/history/x805/x805.html
This Recommendation defines the general security-related This Recommendation defines the general security-related
architectural elements that, when appropriately applied, can provide architectural elements that, when appropriately applied, can provide
end-to-end network security. end-to-end network security.
5.19. ITU-T Study Group 16 5.18. ITU-T Study Group 16
http://www.itu.int/ITU-T/studygroups/com16/index.asp http://www.itu.int/ITU-T/studygroups/com16/index.asp
Multimedia Security in Next-Generation Networks (NGN-MM-SEC) Multimedia Security in Next-Generation Networks (NGN-MM-SEC)
http://www.itu.int/ITU-T/studygroups/com16/sg16-q25.html http://www.itu.int/ITU-T/studygroups/com16/sg16-q25.html
5.20. ITU-T Study Group 17 5.19. ITU-T Study Group 17
http://www.itu.int/ITU-T/studygroups/com17/index.asp http://www.itu.int/ITU-T/studygroups/com17/index.asp
ITU-T Study Group 17 is the Lead Study Group on Communication System ITU-T Study Group 17 is the Lead Study Group on Communication System
Security Security
http://www.itu.int/ITU-T/studygroups/com17/cssecurity.html http://www.itu.int/ITU-T/studygroups/com17/cssecurity.html
Study Group 17 Security Project: Study Group 17 Security Project:
http://www.itu.int/ITU-T/studygroups/com17/security/index.html http://www.itu.int/ITU-T/studygroups/com17/security/index.html
During its November 2002 meeting, Study Group 17 agreed to establish During its November 2002 meeting, Study Group 17 agreed to establish
a new project entitled "Security Project" under the leadership of a new project entitled "Security Project" under the leadership of
Q.10/17 to coordinate the ITU-T standardization effort on security. Q.10/17 to coordinate the ITU-T standardization effort on security.
An analysis of the status on ITU-T Study Group action on information An analysis of the status on ITU-T Study Group action on information
and communication network security may be found in TSB Circular 147 and communication network security may be found in TSB Circular 147
of 14 February 2003. of 14 February 2003.
5.21. Catalogue of ITU-T Recommendations related to Communications 5.20. Catalogue of ITU-T Recommendations related to Communications
System Security System Security
http://www.itu.int/itudoc/itu-t/com17/activity/cat004.html http://www.itu.int/itudoc/itu-t/com17/activity/cat004.html
The Catalogue of the approved security Recommendations include those, The Catalogue of the approved security Recommendations include those,
designed for security purposes and those, which describe or use of designed for security purposes and those, which describe or use of
functions of security interest and need. Although some of the functions of security interest and need. Although some of the
security related Recommendations includes the phrase "Open Systems security related Recommendations includes the phrase "Open Systems
Interconnection", much of the information contained in them is Interconnection", much of the information contained in them is
pertinent to the establishment of security functionality in any pertinent to the establishment of security functionality in any
communicating system. communicating system.
5.22. ITU-T Security Manual 5.21. ITU-T Security Manual
http://www.itu.int/ITU-T/edh/files/security-manual.pdf http://www.itu.int/ITU-T/edh/files/security-manual.pdf
TSB is preparing an "ITU-T Security Manual" to provide an overview on TSB is preparing an "ITU-T Security Manual" to provide an overview on
security in telecommunications and information technologies, describe security in telecommunications and information technologies, describe
practical issues, and indicate how the different aspects of security practical issues, and indicate how the different aspects of security
in today's applications are addressed by ITU-T Recommendations. This in today's applications are addressed by ITU-T Recommendations. This
manual has a tutorial character: it collects security related manual has a tutorial character: it collects security related
material from ITU-T Recommendations into one place and explains the material from ITU-T Recommendations into one place and explains the
respective relationships. The intended audience for this manual are respective relationships. The intended audience for this manual are
engineers and product managers, students and academia, as well as engineers and product managers, students and academia, as well as
regulators who want to better understand security aspects in regulators who want to better understand security aspects in
practical applications. practical applications.
5.23. ITU-T NGN Effort 5.22. ITU-T NGN Effort
http://www.itu.int/ITU-T/2001-2004/com13/ngn2004/index.html http://www.itu.int/ITU-T/2001-2004/com13/ngn2004/index.html
During its January 2002 meeting, SG13 decided to undertake the During its January 2002 meeting, SG13 decided to undertake the
preparation of a new ITU-T Project entitled "NGN 2004 Project". At preparation of a new ITU-T Project entitled "NGN 2004 Project". At
the November 2002 SG13 meeting, a preliminary description of the the November 2002 SG13 meeting, a preliminary description of the
Project was achieved and endorsed by SG13 with the goal to launch the Project was achieved and endorsed by SG13 with the goal to launch the
Project. It is regularly updated since then. Project. It is regularly updated since then.
The role of the NGN 2004 Project is to organize and to coordinate The role of the NGN 2004 Project is to organize and to coordinate
ITU-T activities on Next Generation Networks. Its target is to ITU-T activities on Next Generation Networks. Its target is to
produce a first set of Recommendations on NGN by the end of this produce a first set of Recommendations on NGN by the end of this
study period, i.e. mid-2004. study period, i.e. mid-2004.
5.24. NRIC VI Focus Groups 5.23. NRIC VI Focus Groups
http://www.nric.org/fg/index.html http://www.nric.org/fg/index.html
The Network Reliability and Interoperability Council (NRIC) was The Network Reliability and Interoperability Council (NRIC) was
formed with the purpose to provide recommendations to the FCC and to formed with the purpose to provide recommendations to the FCC and to
the industry to assure the reliability and interoperability of the industry to assure the reliability and interoperability of
wireless, wireline, satellite, and cable public telecommunications wireless, wireline, satellite, and cable public telecommunications
networks. These documents provide general information and guidance networks. These documents provide general information and guidance
on NRIC Focus Group 1B (Cybersecurity) Best Practices for the on NRIC Focus Group 1B (Cybersecurity) Best Practices for the
prevention of cyberattack and for restoration following a prevention of cyberattack and for restoration following a
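Review bot: In the ITU-T NGN Effort entry (5.23, now 5.22), carried over with only its number changed, the target is still stated relative to the time of writing: "produce a first set of Recommendations on NGN by the end of this study period, i.e. mid-2004", followed by "It is regularly updated since then." For a document that describes itself as a snapshot of current efforts, this should say whether that first set was produced and where it is listed, or at least move to the past tense. The same applies to the ITU-T Security Manual entry, where "TSB is preparing" the manual sits directly under a URL for the manual's PDF. Separately, the first sentence of the Catalogue entry ("include those, designed for security purposes and those, which describe or use of functions of security interest and need") needs a grammar pass.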
skipping to change at page 27, line 43 skipping to change at page 35, line 28
Documents: Documents:
Homeland Defense - Recommendations Published 14-Mar-03 Homeland Defense - Recommendations Published 14-Mar-03
Preventative Best Practices - Recommendations Published 14-Mar-03 Preventative Best Practices - Recommendations Published 14-Mar-03
Recovery Best Practices - Recommendations Published 14-Mar-03 Recovery Best Practices - Recommendations Published 14-Mar-03
Best Practice Appendices - Recommendations Published 14-Mar-03 Best Practice Appendices - Recommendations Published 14-Mar-03
5.25. OASIS Security Joint Committee 5.24. OASIS Security Joint Committee
http://www.oasis-open.org/committees/ http://www.oasis-open.org/committees/
tc_home.php?wg_abbrev=security-jc tc_home.php?wg_abbrev=security-jc
The purpose of the Security JC is to coordinate the technical The purpose of the Security JC is to coordinate the technical
activities of multiple security related TCs. The SJC is advisory activities of multiple security related TCs. The SJC is advisory
only, and has no deliverables. The Security JC will promote the use only, and has no deliverables. The Security JC will promote the use
of consistent terms, promote re-use, champion an OASIS security of consistent terms, promote re-use, champion an OASIS security
standards model, provide consistent PR, and promote mutuality, standards model, provide consistent PR, and promote mutuality,
operational independence and ethics. operational independence and ethics.
5.26. OASIS Security Services (SAML) TC 5.25. OASIS Security Services (SAML) TC
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
The Security Services TC is working to advance the Security Assertion The Security Services TC is working to advance the Security Assertion
Markup Language (SAML) as an OASIS standard. SAML is an XML Markup Language (SAML) as an OASIS standard. SAML is an XML
framework for exchanging authentication and authorization framework for exchanging authentication and authorization
information. information.
5.27. OIF Implementation Agreements 5.26. OIF Implementation Agreements
The OIF has 2 approved Implementation Agreements (IAs) relating to The OIF has 2 approved Implementation Agreements (IAs) relating to
security. They are: security. They are:
OIF-SMI-01.0 - Security Management Interfaces to Network Elements OIF-SMI-01.0 - Security Management Interfaces to Network Elements
This Implementation Agreement lists objectives for securing OAM&P This Implementation Agreement lists objectives for securing OAM&P
interfaces to a Network Element and then specifies ways of using interfaces to a Network Element and then specifies ways of using
security systems (e.g., IPsec or TLS) for securing these interfaces. security systems (e.g., IPsec or TLS) for securing these interfaces.
It summarizes how well each of the systems, used as specified, It summarizes how well each of the systems, used as specified,
satisfies the objectives. satisfies the objectives.
OIF - SEP - 01.1 - Security Extension for UNI and NNI OIF - SEP - 01.1 - Security Extension for UNI and NNI
This Implementation Agreement defines a common Security Extension for This Implementation Agreement defines a common Security Extension for
securing the protocols used in UNI 1.0, UNI 2.0, and NNI. securing the protocols used in UNI 1.0, UNI 2.0, and NNI.
Documents: http://www.oiforum.com/public/documents/Security-IA.pdf Documents: http://www.oiforum.com/public/documents/Security-IA.pdf
5.28. TIA 5.27. TIA
The TIA has produced the "Compendium of Emergency Communications and The TIA has produced the "Compendium of Emergency Communications and
Communications Network Security-related Work Activities". This Communications Network Security-related Work Activities". This
document identifies standards, or other technical documents and document identifies standards, or other technical documents and
ongoing Emergency/Public Safety Communications and Communications ongoing Emergency/Public Safety Communications and Communications
Network Security-related work activities within TIA and it's Network Security-related work activities within TIA and it's
Engineering Committees. Many P25 documents are specifically Engineering Committees. Many P25 documents are specifically
detailed. This "living document" is presented for information, detailed. This "living document" is presented for information,
coordination and reference. coordination and reference.
Documents: http://www.tiaonline.org/standards/technology/ciphs/ Documents: http://www.tiaonline.org/standards/technology/ciphs/
documents/EMTEL_sec.pdf documents/EMTEL_sec.pdf
5.29. WS-I Basic Security Profile 5.28. WS-I Basic Security Profile
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
The WS-I Basic Security Profile 1.0 consists of a set of non- The WS-I Basic Security Profile 1.0 consists of a set of non-
proprietary Web services specifications, along with clarifications proprietary Web services specifications, along with clarifications
and amendments to those specifications which promote and amendments to those specifications which promote
interoperability. interoperability.
5.30. NIST Special Publications (800 Series) 5.29. NIST Special Publications (800 Series)
http://csrc.nist.gov/publications/PubsSPs.html http://csrc.nist.gov/publications/PubsSPs.html
Special Publications in the 800 series present documents of general Special Publications in the 800 series present documents of general
interest to the computer security community. The Special Publication interest to the computer security community. The Special Publication
800 series was established in 1990 to provide a separate identity for 800 series was established in 1990 to provide a separate identity for
information technology security publications. This Special information technology security publications. This Special
Publication 800 series reports on ITL's research, guidelines, and Publication 800 series reports on ITL's research, guidelines, and
outreach efforts in computer security, and its collaborative outreach efforts in computer security, and its collaborative
activities with industry, government, and academic organizations. activities with industry, government, and academic organizations.
5.31. NIST Interagency or Internal Reports (NISTIRs) 5.30. NIST Interagency or Internal Reports (NISTIRs)
http://csrc.nist.gov/publications/PubsNISTIRs.html http://csrc.nist.gov/publications/PubsNISTIRs.html
NIST Interagency or Internal Reports (NISTIRs) describe research of a NIST Interagency or Internal Reports (NISTIRs) describe research of a
technical nature of interest to a specialized audience. The series technical nature of interest to a specialized audience. The series
includes interim or final reports on work performed by NIST for includes interim or final reports on work performed by NIST for
outside sponsors (both government and nongovernment). NISTIRs may outside sponsors (both government and nongovernment). NISTIRs may
also report results of NIST projects of transitory or limited also report results of NIST projects of transitory or limited
interest, including those that will be published subsequently in more interest, including those that will be published subsequently in more
comprehensive form. comprehensive form.
5.32. NIST ITL Security Bulletins 5.31. NIST ITL Security Bulletins
http://csrc.nist.gov/publications/PubsITLSB.html http://csrc.nist.gov/publications/PubsITLSB.html
ITL Bulletins are published by NIST's Information Technology ITL Bulletins are published by NIST's Information Technology
Laboratory, with most bulletins written by the Computer Security Laboratory, with most bulletins written by the Computer Security
Division. These bulletins are published on the average of six times Division. These bulletins are published on the average of six times
a year. Each bulletin presents an in-depth discussion of a single a year. Each bulletin presents an in-depth discussion of a single
topic of significant interest to the information systems community. topic of significant interest to the information systems community.
Not all of ITL Bulletins that are published relate to computer / Not all of ITL Bulletins that are published relate to computer /
network security. Only the computer security ITL Bulletins are found network security. Only the computer security ITL Bulletins are found
here. here.
5.33. SANS Information Security Reading Room 5.32. SANS Information Security Reading Room
http://www.sans.org/reading_room/ http://www.sans.org/reading_room/
Featuring over 1,885 original computer security white papers in 75 Featuring over 1,885 original computer security white papers in 75
different categories. different categories.
Most of the computer security white papers in the Reading Room have Most of the computer security white papers in the Reading Room have
been written by students seeking GIAC certification to fulfill part been written by students seeking GIAC certification to fulfill part
of their certification requirements and are provided by SANS as a of their certification requirements and are provided by SANS as a
resource to benefit the security community at large. SANS attempts resource to benefit the security community at large. SANS attempts
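Review bot: The WS-I Basic Security Profile entry is kept in this revision (renumbered from 5.29 to 5.28) and still points at http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html, while the -15 change log entry says "Removed WS-I as they have merged with OASIS." Either drop this entry or re-home it next to the OASIS entries (5.24 and 5.25 in the new numbering), or narrow the change log wording to the part of the document where WS-I was actually removed. Minor, in the TIA entry: "within TIA and it's Engineering Committees" should read "its".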
skipping to change at page 33, line 13 skipping to change at page 40, line 13
IANA to do anything. IANA to do anything.
8. Acknowledgments 8. Acknowledgments
The following people have contributed to this document. Listing The following people have contributed to this document. Listing
their names here does not mean that they endorse the document, but their names here does not mean that they endorse the document, but
that they have contributed to its substance. that they have contributed to its substance.
David Black, Mark Ellison, George Jones, Keith McCloghrie, John David Black, Mark Ellison, George Jones, Keith McCloghrie, John
McDonough, Art Reilly, Chip Sharp, Dane Skow, Michael Hammer, Bruce McDonough, Art Reilly, Chip Sharp, Dane Skow, Michael Hammer, Bruce
Moon, Stephen Kent, Steve Wolff. Moon, Stephen Kent, Steve Wolff, Bob Natale.
9. Changes from Prior Drafts 9. Changes from Prior Drafts
-00 : Initial draft published as draft-lonvick-sec-efforts-01.txt -00 : Initial draft published as draft-lonvick-sec-efforts-01.txt
-01 : Security Glossaries: -01 : Security Glossaries:
Added ATIS Telecom Glossary 2000, Critical Infrastructure Added ATIS Telecom Glossary 2000, Critical Infrastructure
Glossary of Terms and Acronyms, Microsoft Solutions for Glossary of Terms and Acronyms, Microsoft Solutions for
Security Glossary, and USC InfoSec Glossary. Security Glossary, and USC InfoSec Glossary.
skipping to change at page 36, line 45 skipping to change at page 43, line 45
Updated the section on the Microsoft glossary. Updated the section on the Microsoft glossary.
Updated the section on the SANS glossary. Updated the section on the SANS glossary.
Added the NIST Security glossary. Added the NIST Security glossary.
Added dates to all glossaries - where I could find them. Added dates to all glossaries - where I could find them.
Added the SANS Reading Room material to Section 5. Added the SANS Reading Room material to Section 5.
-15 : Fifteenth revision of the WG ID.
Updated the date and reviewed the accuracy of Section 4. Several
changes made.
Removed WS-I as they have merged with OASIS.
Added TM Forum.
Note: This section will be removed before publication as an RFC. Note: This section will be removed before publication as an RFC.
Authors' Addresses Authors' Addresses
Chris Lonvick Chris Lonvick
Cisco Systems Cisco Systems
12515 Research Blvd. 12515 Research Blvd.
Austin, Texas 78759 Austin, Texas 78759
US US
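Review bot: The -15 change log entry does not account for everything this revision changes. "Several changes made" to Section 4 names none of them, and the entry is silent on the renumbering of Section 5 (5.15 becomes 5.14, and so on down to 5.33 becoming 5.32) and on the addition of Bob Natale to the Acknowledgments. List the Section 4 changes item by item, as the preceding entry does ("Updated the section on the SANS glossary.", "Added the NIST Security glossary."), and record the other two so readers can reconcile section references against -14.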
 End of changes. 104 change blocks. 
304 lines changed or deleted 651 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/