draft-ietf-sacm-use-cases-09.txt vs. draft-ietf-sacm-use-cases-10.txt

-09:
Security Automation and Continuous Monitoring WG          D. Waltermire
Internet-Draft                                                     NIST
Intended status: Informational                            D. Harrington
Expires: September 25, 2015                          Effective Software
                                                         March 24, 2015

-10:
Security Automation and Continuous Monitoring WG          D. Waltermire
Internet-Draft                                                     NIST
Intended status: Informational                            D. Harrington
Expires: January 2, 2016                             Effective Software
                                                           July 1, 2015

      Endpoint Security Posture Assessment - Enterprise Use Cases
        draft-ietf-sacm-use-cases-09 / draft-ietf-sacm-use-cases-10

Abstract

   This memo documents a sampling of use cases for securely aggregating
   configuration and operational data and evaluating that data to
   determine an organization's security posture.  From these operational
   use cases, we can derive common functional capabilities and
   requirements to guide development of vendor-neutral, interoperable
   standards for aggregating and evaluating data relevant to security
   posture.
skipping to change at page 1, line 37

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 25, 2015 (-09) /
   January 2, 2016 (-10).

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
skipping to change at page 2, line 34

     2.2.5.  Asynchronous Compliance/Vulnerability Assessment at
             Ice Station Zebra . . . . . . . . . . . . . . . . . .  18
     2.2.6.  Identification and Retrieval of Guidance  . . . . . .  20
     2.2.7.  Guidance Change Detection . . . . . . . . . . . . . .  21
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . .  21
   4.  Security Considerations . . . . . . . . . . . . . . . . . .  21
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . .  22
   6.  Change Log  . . . . . . . . . . . . . . . . . . . . . . . .  22
     6.1.  -08- to -09-  . . . . . . . . . . . . . . . . . . . . .  22
     6.2.  -07- to -08-  . . . . . . . . . . . . . . . . . . . . .  22
     6.3.  -06- to -07-  . . . . . . . . . . . . . . . . . . . . .  22 (-09) / 23 (-10)
     6.4.  -05- to -06-  . . . . . . . . . . . . . . . . . . . . .  23
     6.5.  -04- to -05-  . . . . . . . . . . . . . . . . . . . . .  23
     6.6.  -03- to -04-  . . . . . . . . . . . . . . . . . . . . .  24
     6.7.  -02- to -03-  . . . . . . . . . . . . . . . . . . . . .  24
     6.8.  -01- to -02-  . . . . . . . . . . . . . . . . . . . . .  25
     6.9.  -00- to -01-  . . . . . . . . . . . . . . . . . . . . .  25
     6.10. draft-waltermire-sacm-use-cases-05 to draft-ietf-sacm-
           use-cases-00  . . . . . . . . . . . . . . . . . . . . .  26
     6.11. waltermire -04- to -05- . . . . . . . . . . . . . . . .  27
   7.  Informative References  . . . . . . . . . . . . . . . . . .  28
skipping to change at page 21, line 35

   detection mechanism, then specific guidance entries can be
   retrieved and possibly cached locally.
3.  IANA Considerations

   This memo includes no request to IANA.
4.  Security Considerations

-09:

   This memo documents, for informational purposes, use cases for
   security automation.  Specific security considerations will be
   provided in related documents (e.g., requirements, architecture,
   information model, data model, protocol) as appropriate to the
   function described in each related document.

   One consideration for security automation is that a malicious actor
   could use the security automation infrastructure and related
   collected data to determine endpoint weaknesses to exploit.  It is
   important that security considerations in the related documents
   identify methods to both identify and prevent such activity.
   Specifically, means for protecting the communications as well as the
   systems that store the information.  For communications between the
   varying SACM components there should be considerations for protecting
   the confidentiality, data integrity and peer entity authentication.
   Also, for any systems that store information that could be used for
   malicious purposes, methods to identify and protect against
   unauthorized usage, inappropriate usage and denial of service need to
   be considered.

-10:

   This memo documents, for informational purposes, use cases for
   security automation.  Specific security and privacy considerations
   will be provided in related documents (e.g., requirements,
   architecture, information model, data model, protocol) as appropriate
   to the function described in each related document.

   One consideration for security automation is that a malicious actor
   could use the security automation infrastructure and related
   collected data to gain access to an item of interest.  This may
   include personal data, private keys, software and configuration state
   that can be used to inform an attack against the network and
   endpoints, and other sensitive information.  It is important that
   security and privacy considerations in the related documents identify
   methods to both identify and prevent such activity.

   For consideration are means for protecting the communications as well
   as the systems that store the information.  For communications
   between the varying SACM components there should be considerations
   for protecting the confidentiality, data integrity and peer entity
   authentication.  For exchanged information, there should be a means
   to authenticate the origin of the information.  This is important
   where tracking the provenance of data is needed.  Also, for any
   systems that store information that could be used for unauthorized or
   malicious purposes, methods to identify and protect against
   unauthorized usage, inappropriate usage, and denial of service need
   to be considered.
5.  Acknowledgements

   Adam Montville edited early versions of this draft.

   Kathleen Moriarty, and Stephen Hanna contributed text describing the
   scope of the document.

   Gunnar Engelbach, Steve Hanna, Chris Inacio, Kent Landfield, Lisa
   Lorenzin, Adam Montville, Kathleen Moriarty, Nancy Cam-Winget, and
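Review bot: In the -10 Security Considerations, the new sentences on exchanged information add origin authentication so that provenance can be tracked, but the closing sentence on systems that store the information still lists only "unauthorized usage, inappropriate usage, and denial of service"; integrity and provenance of the stored data are not carried through, so the storage sentence should name them as well (for example "...protect against unauthorized usage, inappropriate usage, loss of integrity or provenance, and denial of service"). Two wording points carried over from -09: "identify methods to both identify and prevent such activity" repeats "identify" and would read more cleanly as "identify methods to both detect and prevent such activity", and the new opener "For consideration are means for protecting the communications as well as the systems that store the information" would read better as "Means for protecting the communications, as well as the systems that store the information, also need consideration."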
End of changes.  7 change blocks.  19 lines changed or deleted, 26 lines changed or added.

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/