draft-ietf-opsec-efforts-01.txt   draft-ietf-opsec-efforts-02.txt 
Network Working Group C. Lonvick Network Working Group C. Lonvick
Internet-Draft D. Spak Internet-Draft D. Spak
Expires: January 8, 2006 Cisco Systems Expires: July 21, 2006 Cisco Systems
July 7, 2005 January 17, 2006
Security Best Practices Efforts and Documents Security Best Practices Efforts and Documents
draft-ietf-opsec-efforts-01.txt draft-ietf-opsec-efforts-02.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 8, 2006. This Internet-Draft will expire on July 21, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2006).
Abstract Abstract
This document provides a snapshot of the current efforts to define or This document provides a snapshot of the current efforts to define or
apply security requirements in various Standards Developing apply security requirements in various Standards Developing
Organizations (SDO). Organizations (SDO).
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5
skipping to change at page 10, line 16 skipping to change at page 10, line 16
This section of this document lists the SDOs, or organizations that This section of this document lists the SDOs, or organizations that
appear to be developing security related standards. These SDOs are appear to be developing security related standards. These SDOs are
listed in alphabetical order. listed in alphabetical order.
Note: The authors would appreciate corrections and additions. This Note: The authors would appreciate corrections and additions. This
note will be removed before publication as an RFC. note will be removed before publication as an RFC.
4.1 3GPP - Third Generation Partnership Project 4.1 3GPP - Third Generation Partnership Project
http://www.3gpp.org http://www.3gpp.org/
The 3rd Generation Partnership Project (3GPP) is a collaboration The 3rd Generation Partnership Project (3GPP) is a collaboration
agreement formed in December 1998. The collaboration agreement is agreement formed in December 1998. The collaboration agreement is
comprised of several telecommunications standards bodies which are comprised of several telecommunications standards bodies which are
known as "Organizational Partners". The current Organizational known as "Organizational Partners". The current Organizational
Partners involved with 3GPP are ARIB, CCSA, ETSI, ATIS, TTA, and TTC. Partners involved with 3GPP are ARIB, CCSA, ETSI, ATIS, TTA, and TTC.
4.2 3GPP2 - Third Generation Partnership Project 2 4.2 3GPP2 - Third Generation Partnership Project 2
http://www.3gpp2.org http://www.3gpp2.org/
Third Generation Partnership Project 2 (3GPP2) is a collaboration Third Generation Partnership Project 2 (3GPP2) is a collaboration
among Organizational Partners much like its sister project 3GPP. The among Organizational Partners much like its sister project 3GPP. The
Organizational Partners (OPs) currently involved with 3GPP2 are ARIB, Organizational Partners (OPs) currently involved with 3GPP2 are ARIB,
CCSA, TIA, TTA, and TTC. In addition to the OPs, 3GPP2 also welcomes CCSA, TIA, TTA, and TTC. In addition to the OPs, 3GPP2 also welcomes
the CDMA Development Group and IPv6 Forum as Market Representation the CDMA Development Group and IPv6 Forum as Market Representation
Partners for market advice. Partners for market advice.
4.3 ANSI - The American National Standards Institute 4.3 ANSI - The American National Standards Institute
http://www.ansi.org http://www.ansi.org/
ANSI is a private, non-profit organization that organizes and ANSI is a private, non-profit organization that organizes and
oversees the U.S. voluntary standardization and conformity assessment oversees the U.S. voluntary standardization and conformity assessment
system. ANSI was founded October 19, 1918. system. ANSI was founded October 19, 1918.
4.4 ATIS - Alliance for Telecommunications Industry Solutions 4.4 ATIS - Alliance for Telecommunications Industry Solutions
http://www.atis.org http://www.atis.org/
ATIS is a United States based body that is committed to rapidly ATIS is a United States based body that is committed to rapidly
developing and promoting technical and operations standards for the developing and promoting technical and operations standards for the
communications and related information technologies industry communications and related information technologies industry
worldwide using pragmatic, flexible and open approach. Committee T1 worldwide using pragmatic, flexible and open approach. Committee T1
as a group no longer exists as a result of the recent ATIS as a group no longer exists as a result of the recent ATIS
reorganization on January 1, 2004. ATIS has restructured the former reorganization on January 1, 2004. ATIS has restructured the former
T1 technical subcommittees into full ATIS standards committees to T1 technical subcommittees into full ATIS standards committees to
easily identify and promote the nature of standards work each easily identify and promote the nature of standards work each
committee performs. Due to the reorganization, some groups may have committee performs. Due to the reorganization, some groups may have
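Review bot: In the ATIS paragraph of section 4.4, the phrase "using pragmatic, flexible and open approach" is missing its article and is carried over unchanged into -02. Since this block is already being edited for the URL, change it to "using a pragmatic, flexible and open approach".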
skipping to change at page 13, line 36 skipping to change at page 13, line 36
telecommunications standards. ETSI is based in Sophia-Antipolis in telecommunications standards. ETSI is based in Sophia-Antipolis in
the south of France and maintains a membership from 55 countries. the south of France and maintains a membership from 55 countries.
Joint work between ETSI and ITU-T SG-17 Joint work between ETSI and ITU-T SG-17
http://docbox.etsi.org/OCG/OCG/GSC9/GSC9_JointT%26R/ http://docbox.etsi.org/OCG/OCG/GSC9/GSC9_JointT%26R/
GSC9_Joint_011_Security_Standardization_in_ITU.ppt GSC9_Joint_011_Security_Standardization_in_ITU.ppt
4.8 GGF - Global Grid Forum 4.8 GGF - Global Grid Forum
http://www.gridforum.org http://www.gridforum.org/
The Global Grid Forum (GGF) is a community-initiated forum of The Global Grid Forum (GGF) is a community-initiated forum of
thousands of individuals from industry and research leading the thousands of individuals from industry and research leading the
global standardization effort for grid computing. GGF's primary global standardization effort for grid computing. GGF's primary
objectives are to promote and support the development, deployment, objectives are to promote and support the development, deployment,
and implementation of Grid technologies and applications via the and implementation of Grid technologies and applications via the
creation and documentation of "best practices" - technical creation and documentation of "best practices" - technical
specifications, user experiences, and implementation guidelines. specifications, user experiences, and implementation guidelines.
4.9 IEEE - The Institute of Electrical and Electronics Engineers, Inc. 4.9 IEEE - The Institute of Electrical and Electronics Engineers, Inc.
http://www.ieee.org http://www.ieee.org/
IEEE is a non-profit, technical professional association of more than IEEE is a non-profit, technical professional association of more than
360,000 individual members in approximately 175 countries. The IEEE 360,000 individual members in approximately 175 countries. The IEEE
produces 30 percent of the world's published literature in electrical produces 30 percent of the world's published literature in electrical
engineering, computers and control technology through its technical engineering, computers and control technology through its technical
publishing, conferences and consensus-based standards activities. publishing, conferences and consensus-based standards activities.
4.10 IETF - The Internet Engineering Task Force 4.10 IETF - The Internet Engineering Task Force
http://www.ietf.org http://www.ietf.org/
IETF is a large, international community open to any interested IETF is a large, international community open to any interested
individual concerned with the evolution of the Internet architecture individual concerned with the evolution of the Internet architecture
and the smooth operation of the Internet. and the smooth operation of the Internet.
4.11 INCITS - InterNational Committee for Information Technology 4.11 INCITS - InterNational Committee for Information Technology
Standards Standards
http://www.incits.org http://www.incits.org/
INCITS focuses upon standardization in the field of Information and INCITS focuses upon standardization in the field of Information and
Communications Technologies (ICT), encompassing storage, processing, Communications Technologies (ICT), encompassing storage, processing,
transfer, display, management, organization, and retrieval of transfer, display, management, organization, and retrieval of
information. information.
4.12 INCITS Technical Committee T11 - Fibre Channel Interfaces 4.12 INCITS Technical Committee T11 - Fibre Channel Interfaces
http://www.t11.org/index.htm http://www.t11.org/index.htm
T11 is responsible for standards development in the areas of T11 is responsible for standards development in the areas of
Intelligent Peripheral Interface (IPI), High-Performance Parallel Intelligent Peripheral Interface (IPI), High-Performance Parallel
Interface (HIPPI) and Fibre Channel (FC). T11 has a project called Interface (HIPPI) and Fibre Channel (FC). T11 has a project called
FC-SP to define Security Protocols for Fibre Channel. FC-SP to define Security Protocols for Fibre Channel.
FC-SP Project Proposal: FC-SP Project Proposal:
ftp://ftp.t11.org/t11/admin/project_proposals/02-036v2.pdf ftp://ftp.t11.org/t11/admin/project_proposals/02-036v2.pdf
4.13 ISO - The International Organization for Standardization 4.13 ISO - The International Organization for Standardization
http://www.iso.org http://www.iso.org/
ISO is a network of the national standards institutes of 148 ISO is a network of the national standards institutes of 148
countries, on the basis of one member per country, with a Central countries, on the basis of one member per country, with a Central
Secretariat in Geneva, Switzerland, that coordinates the system. ISO Secretariat in Geneva, Switzerland, that coordinates the system. ISO
officially began operations on February 23, 1947. officially began operations on February 23, 1947.
4.14 ITU - International Telecommunication Union 4.14 ITU - International Telecommunication Union
http://www.itu.int/ http://www.itu.int/
skipping to change at page 16, line 31 skipping to change at page 16, line 31
NSTAC provides industry-based advice and expertise to the President NSTAC provides industry-based advice and expertise to the President
on issues and problems related to implementing national security and on issues and problems related to implementing national security and
emergency preparedness (NS/EP) communications policy. Since its emergency preparedness (NS/EP) communications policy. Since its
inception, the NSTAC has addressed a wide range of policy and inception, the NSTAC has addressed a wide range of policy and
technical issues regarding communications, information systems, technical issues regarding communications, information systems,
information assurance, critical infrastructure protection, and other information assurance, critical infrastructure protection, and other
NS/EP communications concerns. NS/EP communications concerns.
4.19 TIA - The Telecommunications Industry Association 4.19 TIA - The Telecommunications Industry Association
http://www.tiaonline.org http://www.tiaonline.org/
TIA is accredited by ANSI to develop voluntary industry standards for TIA is accredited by ANSI to develop voluntary industry standards for
a wide variety of telecommunications products. TIA's Standards and a wide variety of telecommunications products. TIA's Standards and
Technology Department is composed of five divisions: Fiber Optics, Technology Department is composed of five divisions: Fiber Optics,
User Premises Equipment, Network Equipment, Wireless Communications User Premises Equipment, Network Equipment, Wireless Communications
and Satellite Communications. and Satellite Communications.
4.20 Web Services Interoperability Organization (WS-I) 4.20 Web Services Interoperability Organization (WS-I)
http://www.ws-i.org/ http://www.ws-i.org/
skipping to change at page 19, line 48 skipping to change at page 19, line 48
Part 2 - Functional Requirements (including Annexes) Part 2 - Functional Requirements (including Annexes)
Part 3 - Assurance Requirements Part 3 - Assurance Requirements
Documents: Common Criteria V2.1 Documents: Common Criteria V2.1
http://csrc.nist.gov/cc/CC-v2.1.html http://csrc.nist.gov/cc/CC-v2.1.html
5.10 ETSI 5.10 ETSI
http://www.etsi.org http://www.etsi.org/
The ETSI hosted the ETSI Global Security Conference in late November, The ETSI hosted the ETSI Global Security Conference in late November,
2003, which could lead to a standard. 2003, which could lead to a standard.
Groups related to security located from the ETSI Groups Portal: Groups related to security located from the ETSI Groups Portal:
OCG Security OCG Security
3GPP SA3 3GPP SA3
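Review bot: In section 5.10 the sentence about the ETSI Global Security Conference still says the late November 2003 event "could lead to a standard", although this revision is dated January 17, 2006 and only the URL was touched here. Either state what came of the conference or drop the speculation, so that the entry reads as a current snapshot.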
skipping to change at page 20, line 49 skipping to change at page 20, line 49
Systems (SCAISWG), IEEE Project 1700's purpose is to develop a draft Systems (SCAISWG), IEEE Project 1700's purpose is to develop a draft
Standard for Information System Security Assurance Architecture for Standard for Information System Security Assurance Architecture for
ballot and during the process begin development of a suite of ballot and during the process begin development of a suite of
associated standards for components of that architecture. associated standards for components of that architecture.
Documents: http://issaa.org/documents/index.html Documents: http://issaa.org/documents/index.html
5.13 Operational Security Requirements for IP Network Infrastructure : 5.13 Operational Security Requirements for IP Network Infrastructure :
Advanced Requirements Advanced Requirements
IETF Internet-Draft IETF RFC 3871
Abstract: This document defines a list of operational security Abstract: This document defines a list of operational security
requirements for the infrastructure of large ISP IP networks (routers requirements for the infrastructure of large ISP IP networks (routers
and switches). A framework is defined for specifying "profiles", and switches). A framework is defined for specifying "profiles",
which are collections of requirements applicable to certain network which are collections of requirements applicable to certain network
topology contexts (all, core-only, edge-only...). The goal is to topology contexts (all, core-only, edge-only...). The goal is to
provide network operators a clear, concise way of communicating their provide network operators a clear, concise way of communicating their
security requirements to vendors. security requirements to vendors.
Documents: Documents:
http://www.ietf.org/internet-drafts/draft-jones-opsec-06.txt ftp://ftp.rfc-editor.org/in-notes/rfc3871.txt
5.14 INCITS Technical Committee T4 - Security Techniques 5.14 INCITS Technical Committee T4 - Security Techniques
http://www.incits.org/tc_home/t4.htm http://www.incits.org/tc_home/t4.htm
Technical Committee T4, Security Techniques, participates in the Technical Committee T4, Security Techniques, participates in the
standardization of generic methods for information technology standardization of generic methods for information technology
security. This includes development of: security techniques and security. This includes development of: security techniques and
mechanisms; security guidelines; security evaluation criteria; and mechanisms; security guidelines; security evaluation criteria; and
identification of generic requirements for information technology identification of generic requirements for information technology
skipping to change at page 31, line 44 skipping to change at page 31, line 44
-00 : as the WG ID -00 : as the WG ID
Added more information about the ITU-T SG3 Q18 effort to modify Added more information about the ITU-T SG3 Q18 effort to modify
ITU-T Recommendation M.3016. ITU-T Recommendation M.3016.
-01 : First revision as the WG ID. -01 : First revision as the WG ID.
Added information about the NGN in the sections about ATIS, the Added information about the NGN in the sections about ATIS, the
NSTAC, and ITU-T. NSTAC, and ITU-T.
-02 : Second revision as the WG ID.
Updated the date. Corrected some url's and the reference to
George's RFC.
Note: This section will be removed before publication as an RFC. Note: This section will be removed before publication as an RFC.
10. References 10. References
10.1 Normative References 10.1 Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, STD 14, March 1997. Levels", RFC 2119, STD 14, March 1997.
10.2 Informative References 10.2 Informative References
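Review bot: The new -02 changelog entry describes the change as "the reference to George's RFC", which does not identify the document for a reader who lacks that context. Name it the way section 5.13 now does, for example by saying the section 5.13 reference moved from draft-jones-opsec-06 to RFC 3871. In the same entry, "url's" should be "URLs".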
skipping to change at page 33, line 41 skipping to change at page 33, line 41
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 19 change blocks. 
19 lines changed or deleted 24 lines changed or added

This html diff was produced by rfcdiff 1.28, available from http://www.levkowetz.com/ietf/tools/rfcdiff/