draft-ietf-opsec-efforts-03.txt | draft-ietf-opsec-efforts-04.txt | |||
---|---|---|---|---|
Network Working Group C. Lonvick | Network Working Group C. Lonvick | |||
Internet-Draft D. Spak | Internet-Draft D. Spak | |||
Expires: October 21, 2006 Cisco Systems | Expires: December 16, 2006 Cisco Systems | |||
April 19, 2006 | June 14, 2006 | |||
Security Best Practices Efforts and Documents | Security Best Practices Efforts and Documents | |||
draft-ietf-opsec-efforts-03.txt | draft-ietf-opsec-efforts-04.txt | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 1, line 34 | skipping to change at page 1, line 34 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on October 21, 2006. | This Internet-Draft will expire on December 16, 2006. | |||
Copyright Notice | Copyright Notice | |||
Copyright (C) The Internet Society (2006). | Copyright (C) The Internet Society (2006). | |||
Abstract | Abstract | |||
This document provides a snapshot of the current efforts to define or | This document provides a snapshot of the current efforts to define or | |||
apply security requirements in various Standards Developing | apply security requirements in various Standards Developing | |||
Organizations (SDO). | Organizations (SDO). | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
2. Conventions Used in This Document . . . . . . . . . . . . . . 7 | 2. Conventions Used in This Document . . . . . . . . . . . . . . 7 | |||
3. Format of this Document . . . . . . . . . . . . . . . . . . . 8 | 3. Format of this Document . . . . . . . . . . . . . . . . . . . 8 | |||
4. Online Security Glossaries . . . . . . . . . . . . . . . . . . 9 | 4. Online Security Glossaries . . . . . . . . . . . . . . . . . . 9 | |||
4.1. ATIS Telecom Glossary 2000 . . . . . . . . . . . . . . . . 9 | 4.1. ATIS Telecom Glossary 2000 . . . . . . . . . . . . . . . . 9 | |||
4.2. Critical Infrastructure Glossary of Terms and Acronyms . . 9 | 4.2. Internet Security Glossary - RFC 2828 . . . . . . . . . . 9 | |||
4.3. Internet Security Glossary - RFC 2828 . . . . . . . . . . 9 | 4.3. Compendium of Approved ITU-T Security Definitions . . . . 9 | |||
4.4. Compendium of Approved ITU-T Security Definitions . . . . 10 | 4.4. Microsoft Solutions for Security Glossary . . . . . . . . 10 | |||
4.5. Microsoft Solutions for Security Glossary . . . . . . . . 10 | 4.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 10 | |||
4.6. SANS Glossary of Security Terms . . . . . . . . . . . . . 10 | 4.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 10 | |||
4.7. USC InfoSec Glossary . . . . . . . . . . . . . . . . . . . 10 | ||||
5. Standards Developing Organizations . . . . . . . . . . . . . . 11 | 5. Standards Developing Organizations . . . . . . . . . . . . . . 11 | |||
5.1. 3GPP - Third Generation Partnership Project . . . . . . . 11 | 5.1. 3GPP - Third Generation Partnership Project . . . . . . . 11 | |||
5.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 11 | 5.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 11 | |||
5.3. ANSI - The American National Standards Institute . . . . . 11 | 5.3. ANSI - The American National Standards Institute . . . . . 11 | |||
5.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 11 | ||||
5.4. ATIS - Alliance for Telecommunications Industry | 5.4. ATIS - Alliance for Telecommunications Industry | |||
Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11 | Solutions . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
5.4.1. ATIS Network Performance, Reliability and Quality | 5.4.1. ATIS NIPP - Network Interface, Power, and | |||
of Service Committee, formerly T1A1 . . . . . . . . . 12 | Protection Committee, formerly T1E1 . . . . . . . . . 12 | |||
5.4.2. ATIS Network Interface, Power, and Protection | 5.4.2. ATIS NPRQ - Network Performance, Reliability, and | |||
Committee, formerly T1E1 . . . . . . . . . . . . . . . 12 | Quality of Service Committee, formerly T1A1 . . . . . 12 | |||
5.4.3. ATIS Telecom Management and Operations Committee, | 5.4.3. ATIS OBF - Ordering and Billing Forum, formerly | |||
formerly T1M1 OAM&P . . . . . . . . . . . . . . . . . 12 | regarding T1M1 O&B . . . . . . . . . . . . . . . . . . 12 | |||
5.4.4. ATIS Ordering and Billing Forum regarding T1M1 O&B . . 12 | 5.4.4. ATIS OPTXS - Optical Transport and Synchronization | |||
5.4.5. ATIS Wireless Technologies and Systems Committee, | ||||
formerly T1P1 . . . . . . . . . . . . . . . . . . . . 13 | ||||
5.4.6. ATIS Packet Technologies and Systems Committee, | ||||
formerly T1S1 . . . . . . . . . . . . . . . . . . . . 13 | ||||
5.4.7. ATIS Protocol Interworking Committee, regarding | ||||
T1S1 . . . . . . . . . . . . . . . . . . . . . . . . . 13 | ||||
5.4.8. ATIS Optical Transport and Synchronization | ||||
Committee, formerly T1X1 . . . . . . . . . . . . . . . 13 | Committee, formerly T1X1 . . . . . . . . . . . . . . . 13 | |||
5.5. CC - Common Criteria . . . . . . . . . . . . . . . . . . . 13 | 5.4.5. ATIS TMOC - Telecom Management and Operations | |||
Committee, formerly T1M1 OAM&P . . . . . . . . . . . . 13 | ||||
5.4.6. ATIS WTSC - Wireless Technologies and Systems | ||||
Committee, formerly T1P1 . . . . . . . . . . . . . . . 13 | ||||
5.4.7. ATIS PTSC - Packet Technologies and Systems | ||||
Committee, formerly T1S1 . . . . . . . . . . . . . . . 13 | ||||
5.4.8. ATIS Protocol Interworking Committee, regarding | ||||
T1S1 . . . . . . . . . . . . . . . . . . . . . . . . . 14 | ||||
5.5. CC - Common Criteria . . . . . . . . . . . . . . . . . . . 14 | ||||
5.6. DMTF - Distributed Management Task Force, Inc. . . . . . . 14 | 5.6. DMTF - Distributed Management Task Force, Inc. . . . . . . 14 | |||
5.7. ETSI - The European Telecommunications Standard | 5.7. ETSI - The European Telecommunications Standard | |||
Institute . . . . . . . . . . . . . . . . . . . . . . . . 14 | Institute . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
5.8. GGF - Global Grid Forum . . . . . . . . . . . . . . . . . 14 | 5.8. GGF - Global Grid Forum . . . . . . . . . . . . . . . . . 14 | |||
5.9. IEEE - The Institute of Electrical and Electronics | 5.9. IEEE - The Institute of Electrical and Electronics | |||
Engineers, Inc. . . . . . . . . . . . . . . . . . . . . . 14 | Engineers, Inc. . . . . . . . . . . . . . . . . . . . . . 15 | |||
5.10. IETF - The Internet Engineering Task Force . . . . . . . . 14 | 5.10. IETF - The Internet Engineering Task Force . . . . . . . . 15 | |||
5.11. INCITS - InterNational Committee for Information | 5.11. INCITS - InterNational Committee for Information | |||
Technology Standards . . . . . . . . . . . . . . . . . . . 15 | Technology Standards . . . . . . . . . . . . . . . . . . . 15 | |||
5.12. INCITS Technical Committee T11 - Fibre Channel | 5.11.1. INCITS Technical Committee T11 - Fibre Channel | |||
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 15 | Interfaces . . . . . . . . . . . . . . . . . . . . . . 15 | |||
5.13. ISO - The International Organization for | 5.12. ISO - The International Organization for | |||
Standardization . . . . . . . . . . . . . . . . . . . . . 15 | Standardization . . . . . . . . . . . . . . . . . . . . . 15 | |||
5.14. ITU - International Telecommunication Union . . . . . . . 15 | 5.13. ITU - International Telecommunication Union . . . . . . . 16 | |||
5.14.1. ITU Telecommunication Standardization Sector - | 5.13.1. ITU Telecommunication Standardization Sector - | |||
ITU-T . . . . . . . . . . . . . . . . . . . . . . . . 15 | ITU-T . . . . . . . . . . . . . . . . . . . . . . . . 16 | |||
5.14.2. ITU Radiocommunication Sector - ITU-R . . . . . . . . 16 | 5.13.2. ITU Radiocommunication Sector - ITU-R . . . . . . . . 16 | |||
5.14.3. ITU Telecom Development - ITU-D . . . . . . . . . . . 16 | 5.13.3. ITU Telecom Development - ITU-D . . . . . . . . . . . 16 | |||
5.15. OASIS - Organization for the Advancement of | 5.14. OASIS - Organization for the Advancement of | |||
Structured Information Standards . . . . . . . . . . . . . 16 | Structured Information Standards . . . . . . . . . . . . . 16 | |||
5.16. OIF - Optical Internetworking Forum . . . . . . . . . . . 16 | 5.15. OIF - Optical Internetworking Forum . . . . . . . . . . . 16 | |||
5.17. NRIC - The Network Reliability and Interoperability | 5.16. NRIC - The Network Reliability and Interoperability | |||
Council . . . . . . . . . . . . . . . . . . . . . . . . . 16 | Council . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
5.18. National Security Telecommunications Advisory | 5.17. National Security Telecommunications Advisory | |||
Committee (NSTAC) . . . . . . . . . . . . . . . . . . . . 17 | Committee (NSTAC) . . . . . . . . . . . . . . . . . . . . 17 | |||
5.19. TIA - The Telecommunications Industry Association . . . . 17 | 5.18. TIA - The Telecommunications Industry Association . . . . 17 | |||
5.20. Web Services Interoperability Organization (WS-I) . . . . 17 | 5.19. TTA - Telecommunications Technology Association . . . . . 17 | |||
6. Security Best Practices Efforts and Documents . . . . . . . . 18 | 5.20. Web Services Interoperability Organization (WS-I) . . . . 18 | |||
6.1. 3GPP - TSG SA WG3 (Security) . . . . . . . . . . . . . . . 18 | 6. Security Best Practices Efforts and Documents . . . . . . . . 19 | |||
6.2. 3GPP2 - TSG-S Working Group 4 (Security) . . . . . . . . . 18 | 6.1. 3GPP - TSG SA WG3 (Security) . . . . . . . . . . . . . . . 19 | |||
6.2. 3GPP2 - TSG-S Working Group 4 (Security) . . . . . . . . . 19 | ||||
6.3. American National Standard T1.276-2003 - Baseline | 6.3. American National Standard T1.276-2003 - Baseline | |||
Security Requirements for the Management Plane . . . . . . 18 | Security Requirements for the Management Plane . . . . . . 19 | |||
6.4. DMTF - Security Protection and Management (SPAM) | 6.4. DMTF - Security Protection and Management (SPAM) | |||
Working Group . . . . . . . . . . . . . . . . . . . . . . 19 | Working Group . . . . . . . . . . . . . . . . . . . . . . 20 | |||
6.5. DMTF - User and Security Working Group . . . . . . . . . . 19 | 6.5. DMTF - User and Security Working Group . . . . . . . . . . 20 | |||
6.6. ATIS Security & Emergency Preparedness Activities . . . . 19 | 6.6. ATIS Work-Plan to Achieve Interoperable, | |||
6.7. ATIS Work-Plan to Achieve Interoperable, | Implementable, End-To-End Standards and Solutions . . . . 20 | |||
Implementable, End-To-End Standards and Solutions . . . . 19 | 6.6.1. ATIS Work on Packet Filtering . . . . . . . . . . . . 20 | |||
6.7.1. ATIS Work on Packet Filtering . . . . . . . . . . . . 20 | 6.7. ATIS Work on the NGN . . . . . . . . . . . . . . . . . . . 21 | |||
6.8. ATIS Work on the NGN . . . . . . . . . . . . . . . . . . . 20 | 6.8. Common Criteria . . . . . . . . . . . . . . . . . . . . . 21 | |||
6.9. Common Criteria . . . . . . . . . . . . . . . . . . . . . 20 | 6.9. ETSI . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
6.10. ETSI . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 | 6.10. GGF Security Area (SEC) . . . . . . . . . . . . . . . . . 22 | |||
6.11. GGF Security Area (SEC) . . . . . . . . . . . . . . . . . 21 | 6.11. Information System Security Assurance Architecture . . . . 22 | |||
6.12. Information System Security Assurance Architecture . . . . 21 | 6.12. Operational Security Requirements for IP Network | |||
6.13. Operational Security Requirements for IP Network | ||||
Infrastructure : Advanced Requirements . . . . . . . . . . 22 | Infrastructure : Advanced Requirements . . . . . . . . . . 22 | |||
6.14. INCITS Technical Committee T4 - Security Techniques . . . 22 | 6.13. INCITS CS1 - Cyber Security . . . . . . . . . . . . . . . 23 | |||
6.15. INCITS CS1 - Cyber Security . . . . . . . . . . . . . . . 22 | 6.14. ISO Guidelines for the Management of IT Security - | |||
6.16. ISO Guidelines for the Management of IT Security - | GMITS . . . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
GMITS . . . . . . . . . . . . . . . . . . . . . . . . . . 22 | 6.15. ISO JTC 1/SC 27 . . . . . . . . . . . . . . . . . . . . . 24 | |||
6.17. ISO JTC 1/SC 27 . . . . . . . . . . . . . . . . . . . . . 23 | 6.16. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 24 | |||
6.18. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 24 | 6.17. ITU-T Recommendation M.3016 . . . . . . . . . . . . . . . 25 | |||
6.19. ITU-T Recommendation M.3016 . . . . . . . . . . . . . . . 24 | 6.18. ITU-T Recommendation X.805 . . . . . . . . . . . . . . . 25 | |||
6.20. ITU-T Recommendation X.805 . . . . . . . . . . . . . . . 25 | 6.19. ITU-T Study Group 16 . . . . . . . . . . . . . . . . . . . 25 | |||
6.21. ITU-T Study Group 16 . . . . . . . . . . . . . . . . . . . 25 | 6.20. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 26 | |||
6.22. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 25 | 6.21. Catalogue of ITU-T Recommendations related to | |||
6.23. Catalogue of ITU-T Recommendations related to | Communications System Security . . . . . . . . . . . . . . 26 | |||
Communications System Security . . . . . . . . . . . . . . 25 | 6.22. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 26 | |||
6.24. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 26 | 6.23. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 27 | |||
6.25. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 26 | 6.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 27 | |||
6.26. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 | 6.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 27 | |||
6.27. OASIS Security Joint Committee . . . . . . . . . . . . . . 27 | 6.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 28 | |||
6.28. OASIS Security Services TC . . . . . . . . . . . . . . . . 27 | 6.27. OIF Implementation Agreements . . . . . . . . . . . . . . 28 | |||
6.29. OIF Implementation Agreements . . . . . . . . . . . . . . 27 | 6.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
6.30. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 | 6.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 | |||
6.31. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 30 | |||
7. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31 | |||
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 32 | |||
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 | 10. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 33 | |||
10. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 | 11. Normative References . . . . . . . . . . . . . . . . . . . . . 34 | |||
11. Normative References . . . . . . . . . . . . . . . . . . . . . 33 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 34 | Intellectual Property and Copyright Statements . . . . . . . . . . 36 | |||
Intellectual Property and Copyright Statements . . . . . . . . . . 35 | ||||
1. Introduction | 1. Introduction | |||
The Internet is being recognized as a critical infrastructure similar | The Internet is being recognized as a critical infrastructure similar | |||
in nature to the power grid and a potable water supply. Just like | in nature to the power grid and a potable water supply. Just like | |||
those infrastructures, means are needed to provide resiliency and | those infrastructures, means are needed to provide resiliency and | |||
adaptability to the Internet so that it remains consistently | adaptability to the Internet so that it remains consistently | |||
available to the public throughout the world even during times of | available to the public throughout the world even during times of | |||
duress or attack. For this reason, many SDOs are developing | duress or attack. For this reason, many SDOs are developing | |||
standards with hopes of retaining an acceptable level, or even | standards with hopes of retaining an acceptable level, or even | |||
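Review bot: In the Table of Contents, the renamed ATIS entries 5.4.1 through 5.4.6 are ordered by acronym (NIPP, NPRQ, OBF, OPTXS, TMOC, WTSC), but 5.4.7 PTSC then follows WTSC out of alphabetical order, and 5.4.8 "ATIS Protocol Interworking Committee" is the only ATIS entry left without an acronym prefix; suggest moving PTSC ahead of TMOC or stating the ordering rule. The new 5.4.3 title "formerly regarding T1M1 O&B" stacks two qualifiers where the -03 title used only "regarding", so pick one. The -03 entries 6.6 "ATIS Security & Emergency Preparedness Activities" and 6.14 "INCITS Technical Committee T4 - Security Techniques" have no counterpart in the -04 list, so it is worth confirming that section 10, Changes from Prior Drafts, records both removals.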
skipping to change at page 9, line 18 | skipping to change at page 9, line 18 | |||
computer security terms | computer security terms | |||
4.1. ATIS Telecom Glossary 2000 | 4.1. ATIS Telecom Glossary 2000 | |||
http://www.atis.org/tg2k/ | http://www.atis.org/tg2k/ | |||
Under an approved T1 standards project (T1A1-20), an existing 5800- | Under an approved T1 standards project (T1A1-20), an existing 5800- | |||
entry, search-enabled hypertext telecommunications glossary titled | entry, search-enabled hypertext telecommunications glossary titled | |||
Federal Standard 1037C, Glossary of Telecommunication Terms was | Federal Standard 1037C, Glossary of Telecommunication Terms was | |||
updated and matured into this glossary, T1.523-2001, Telecom Glossary | updated and matured into this glossary, T1.523-2001, Telecom Glossary | |||
2000. This updated glossary was posted on the Web as a American | 2000. This updated glossary was posted on the Web as an American | |||
National Standard (ANS). | National Standard (ANS). | |||
4.2. Critical Infrastructure Glossary of Terms and Acronyms | 4.2. Internet Security Glossary - RFC 2828 | |||
http://www.ciao.gov/ciao_document_library/glossary/a.htm | ||||
The Critical Infrastructure Assurance Office (CIAO) was created to | ||||
coordinate the Federal Government's initiatives on critical | ||||
infrastructure assurance. While the glossary was not created as a | ||||
glossary specifically for security terms, it is populated with many | ||||
security related definitions, abbreviations, organizations, and | ||||
concepts. | ||||
4.3. Internet Security Glossary - RFC 2828 | ||||
http://www.ietf.org/rfc/rfc2828.txt | http://www.ietf.org/rfc/rfc2828.txt | |||
Created in May 2000, the document defines itself to be, "an | Created in May 2000, the document defines itself to be, "an | |||
internally consistent, complementary set of abbreviations, | internally consistent, complementary set of abbreviations, | |||
definitions, explanations, and recommendations for use of terminology | definitions, explanations, and recommendations for use of terminology | |||
related to information system security." The glossary makes the | related to information system security." The glossary makes the | |||
distinction of the listed definitions throughout the document as | distinction of the listed definitions throughout the document as | |||
being: | being: | |||
skipping to change at page 10, line 4 | skipping to change at page 9, line 41 | |||
o a recommended Internet definition | o a recommended Internet definition | |||
o a recommended non-Internet definition | o a recommended non-Internet definition | |||
o not recommended as the first choice for Internet documents but | o not recommended as the first choice for Internet documents but | |||
something that an author of an Internet document would need to | something that an author of an Internet document would need to | |||
know | know | |||
o a definition that shouldn't be used in Internet documents | o a definition that shouldn't be used in Internet documents | |||
o additional commentary or usage guidance | o additional commentary or usage guidance | |||
4.4. Compendium of Approved ITU-T Security Definitions | 4.3. Compendium of Approved ITU-T Security Definitions | |||
http://www.itu.int/itudoc/itu-t/com17/activity/def004.html | http://www.itu.int/itudoc/itu-t/com17/activity/def004.html | |||
Addendum to the Compendium of the Approved ITU-T Security-related | Addendum to the Compendium of the Approved ITU-T Security-related | |||
Definitions | Definitions | |||
http://www.itu.int/itudoc/itu-t/com17/activity/add002.html | http://www.itu.int/itudoc/itu-t/com17/activity/add002.html | |||
These extensive materials were created from approved ITU-T | These extensive materials were created from approved ITU-T | |||
Recommendations with a view toward establishing a common | Recommendations with a view toward establishing a common | |||
understanding and use of security terms within ITU-T. | understanding and use of security terms within ITU-T. | |||
4.5. Microsoft Solutions for Security Glossary | 4.4. Microsoft Solutions for Security Glossary | |||
http://www.microsoft.com/security/glossary/ | http://www.microsoft.com/security/glossary.mspx | |||
The Microsoft Solutions for Security Glossary was created to explain | The Microsoft Solutions for Security Glossary was created to explain | |||
the concepts, technologies, and products associated with computer | the concepts, technologies, and products associated with computer | |||
security. This glossary contains several definitions specific to | security. This glossary contains several definitions specific to | |||
Microsoft proprietary technologies and product solutions. | Microsoft proprietary technologies and product solutions. | |||
4.6. SANS Glossary of Security Terms | 4.5. SANS Glossary of Security Terms | |||
http://www.sans.org/resources/glossary.php | http://www.sans.org/resources/glossary.php | |||
The SANS Institute (SysAdmin, Audit, Network, Security) was created | The SANS Institute (SysAdmin, Audit, Network, Security) was created | |||
in 1989 as, "a cooperative research and education organization." | in 1989 as, "a cooperative research and education organization." | |||
Updated in May 2003, SANS cites the NSA for their help in creating | Updated in May 2003, SANS cites the NSA for their help in creating | |||
the online glossary of security terms. The SANS Institute is also | the online glossary of security terms. The SANS Institute is also | |||
home to many other resources including the SANS Intrusion Detection | home to many other resources including the SANS Intrusion Detection | |||
FAQ and the SANS/FBI Top 20 Vulnerabilities List. | FAQ and the SANS/FBI Top 20 Vulnerabilities List. | |||
4.7. USC InfoSec Glossary | 4.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler | |||
http://www.usc.edu/org/infosec/resources/glossary_a.html | http://www.garlic.com/~lynn/secure.htm | |||
A glossary of Information Systems security terms compiled by the | Anne and Lynn Wheeler maintain a security taxonomy and glossary with | |||
University of Southern California Office of Information Security. | terms merged from AFSEC, AJP, CC1, CC2, CC21 (CC site), CIAO, FCv1, | |||
FFIEC, FJC, FTC, IATF V3 (IATF site), IEEE610, ITSEC, Intel, JTC1/ | ||||
SC27 (SC27 site), KeyAll, MSC, NIST 800-30, 800-33, 800-37, 800-53, | ||||
800-61, 800-77, 800-83 FIPS140, NASA, NCSC/TG004, NIAP, NSA | ||||
Intrusion, CNSSI 4009, online security study, RFC1983, RFC2504, | ||||
RFC2647, RFC2828, TCSEC, TDI, and TNI. | ||||
5. Standards Developing Organizations | 5. Standards Developing Organizations | |||
This section of this document lists the SDOs, or organizations that | This section of this document lists the SDOs, or organizations that | |||
appear to be developing security related standards. These SDOs are | appear to be developing security related standards. These SDOs are | |||
listed in alphabetical order. | listed in alphabetical order. | |||
Note: The authors would appreciate corrections and additions. This | Note: The authors would appreciate corrections and additions. This | |||
note will be removed before publication as an RFC. | note will be removed before publication as an RFC. | |||
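Review bot: In the new section 4.6 text, the source list reads "800-83 FIPS140" with no comma, so the last NIST 800-series number and FIPS140 run together as a single item; suggest "800-83, FIPS140". The same list names CIAO as a merged source while this revision drops the CIAO glossary that was section 4.2 in -03, so a short remark that those terms are now reachable through the Wheeler glossary would help readers who followed the old reference.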
skipping to change at page 11, line 43 | skipping to change at page 11, line 43 | |||
Partners for market advice. | Partners for market advice. | |||
5.3. ANSI - The American National Standards Institute | 5.3. ANSI - The American National Standards Institute | |||
http://www.ansi.org/ | http://www.ansi.org/ | |||
ANSI is a private, non-profit organization that organizes and | ANSI is a private, non-profit organization that organizes and | |||
oversees the U.S. voluntary standardization and conformity assessment | oversees the U.S. voluntary standardization and conformity assessment | |||
system. ANSI was founded October 19, 1918. | system. ANSI was founded October 19, 1918. | |||
5.3.1. Accredited Standards Committee X9 (ASC X9) | ||||
http://www.x9.org/ | ||||
The Accredited Standards Committee X9 (ASC X9) has the mission to | ||||
develop, establish, maintain, and promote standards for the Financial | ||||
Services Industry in order to facilitate delivery of financial | ||||
services and products. | ||||
5.4. ATIS - Alliance for Telecommunications Industry Solutions | 5.4. ATIS - Alliance for Telecommunications Industry Solutions | |||
http://www.atis.org/ | http://www.atis.org/ | |||
ATIS is a United States based body that is committed to rapidly | ATIS is a United States based body that is committed to rapidly | |||
developing and promoting technical and operations standards for the | developing and promoting technical and operations standards for the | |||
communications and related information technologies industry | communications and related information technologies industry | |||
worldwide using pragmatic, flexible and open approach. Committee T1 | worldwide using pragmatic, flexible and open approach. Committee T1 | |||
as a group no longer exists as a result of the recent ATIS | as a group no longer exists as a result of the recent ATIS | |||
reorganization on January 1, 2004. ATIS has restructured the former | reorganization on January 1, 2004. ATIS has restructured the former | |||
T1 technical subcommittees into full ATIS standards committees to | T1 technical subcommittees into full ATIS standards committees to | |||
easily identify and promote the nature of standards work each | easily identify and promote the nature of standards work each | |||
committee performs. Due to the reorganization, some groups may have | committee performs. Due to the reorganization, some groups may have | |||
a new mission and scope statement. | a new mission and scope statement. | |||
5.4.1. ATIS Network Performance, Reliability and Quality of Service | 5.4.1. ATIS NIPP - Network Interface, Power, and Protection Committee, | |||
Committee, formerly T1A1 | ||||
http://www.atis.org/0010/index.asp | ||||
ATIS Network Performance, Reliability and Quality of Service | ||||
Committee develops and recommends standards, requirements, and | ||||
technical reports related to the performance, reliability, and | ||||
associated security aspects of communications networks, as well as | ||||
the processing of voice, audio, data, image, and video signals, and | ||||
their multimedia integration. | ||||
5.4.2. ATIS Network Interface, Power, and Protection Committee, | ||||
formerly T1E1 | formerly T1E1 | |||
http://www.atis.org/0050/index.asp | http://www.atis.org/0050/index.asp | |||
ATIS Network Interface, Power, and Protection Committee develops and | ATIS Network Interface, Power, and Protection Committee develops and | |||
recommends standards and technical reports related to power systems, | recommends standards and technical reports related to power systems, | |||
electrical and physical protection for the exchange and interexchange | electrical and physical protection for the exchange and interexchange | |||
carrier networks, and interfaces associated with user access to | carrier networks, and interfaces associated with user access to | |||
telecommunications networks. | telecommunications networks. | |||
5.4.3. ATIS Telecom Management and Operations Committee, formerly T1M1 | 5.4.2. ATIS NPRQ - Network Performance, Reliability, and Quality of | |||
OAM&P | Service Committee, formerly T1A1 | |||
http://www.atis.org/0130/index.asp | http://www.atis.org/0010/index.asp | |||
ATIS Telecom Management and Operations Committee develops | ATIS Network Performance, Reliability and Quality of Service | |||
internetwork operations, administration, maintenance and provisioning | Committee develops and recommends standards, requirements, and | |||
standards, and technical reports related to interfaces for | technical reports related to the performance, reliability, and | |||
telecommunications networks. | associated security aspects of communications networks, as well as | |||
the processing of voice, audio, data, image, and video signals, and | ||||
their multimedia integration. | ||||
5.4.4. ATIS Ordering and Billing Forum regarding T1M1 O&B | 5.4.3. ATIS OBF - Ordering and Billing Forum, formerly regarding T1M1 | |||
O&B | ||||
http://www.atis.org/obf/index.asp | http://www.atis.org/obf/index.asp | |||
The T1M1 O&B subcommittee has become part of the ATIS Ordering and | The T1M1 O&B subcommittee has become part of the ATIS Ordering and | |||
Billing Forum. | Billing Forum. | |||
The ATIS-sponsored Ordering and Billing Forum (OBF) provides a forum | The ATIS-sponsored Ordering and Billing Forum (OBF) provides a forum | |||
for customers and providers in the telecommunications industry to | for customers and providers in the telecommunications industry to | |||
identify, discuss and resolve national issues which affect ordering, | identify, discuss and resolve national issues which affect ordering, | |||
billing, provisioning and exchange of information about access | billing, provisioning and exchange of information about access | |||
services, other connectivity and related matters. | services, other connectivity and related matters. | |||
5.4.5. ATIS Wireless Technologies and Systems Committee, formerly T1P1 | 5.4.4. ATIS OPTXS - Optical Transport and Synchronization Committee, | |||
formerly T1X1 | ||||
http://www.atis.org/0240/index.asp | ||||
ATIS Optical Transport and Synchronization Committee develops and | ||||
recommends standards and prepares technical reports related to | ||||
telecommunications network technology pertaining to network | ||||
synchronization interfaces and hierarchical structures including | ||||
optical technology. | ||||
5.4.5. ATIS TMOC - Telecom Management and Operations Committee, | ||||
formerly T1M1 OAM&P | ||||
http://www.atis.org/0130/index.asp | ||||
ATIS Telecom Management and Operations Committee develops | ||||
internetwork operations, administration, maintenance and provisioning | ||||
standards, and technical reports related to interfaces for | ||||
telecommunications networks. | ||||
5.4.6. ATIS WTSC - Wireless Technologies and Systems Committee, | ||||
formerly T1P1 | ||||
http://www.atis.org/0160/index.asp | http://www.atis.org/0160/index.asp | |||
ATIS Wireless Technologies and Systems Committee develops and | ATIS Wireless Technologies and Systems Committee develops and | |||
recommends standards and technical reports related to wireless and/or | recommends standards and technical reports related to wireless and/or | |||
mobile services and systems, including service descriptions and | mobile services and systems, including service descriptions and | |||
wireless technologies. | wireless technologies. | |||
5.4.6. ATIS Packet Technologies and Systems Committee, formerly T1S1 | 5.4.7. ATIS PTSC - Packet Technologies and Systems Committee, formerly | |||
T1S1 | ||||
http://www.atis.org/0191/index.asp | ||||
T1S1 was split into two separate ATIS committees: the ATIS Packet | T1S1 was split into two separate ATIS committees: the ATIS Packet | |||
Technologies and Systems Committee and the ATIS Protocol Interworking | Technologies and Systems Committee and the ATIS Protocol Interworking | |||
Committee. PTSC is responsible for producing standards to secure | Committee. PTSC is responsible for producing standards to secure | |||
signalling. | signalling. | |||
The basic document is PTSC-SEC-2005-059.doc which is in Letter Ballot | The basic document is PTSC-SEC-2005-059.doc which is in Letter Ballot | |||
at this time. It is expected to move to an ANSI standard. | at this time. It is expected to move to an ANSI standard. | |||
5.4.7. ATIS Protocol Interworking Committee, regarding T1S1 | 5.4.8. ATIS Protocol Interworking Committee, regarding T1S1 | |||
T1S1 was split into two separate ATIS committees: the ATIS Packet | T1S1 was split into two separate ATIS committees: the ATIS Packet | |||
Technologies and Systems Committee and the ATIS Protocol Interworking | Technologies and Systems Committee and the ATIS Protocol Interworking | |||
Committee. As a result of the reorganization of T1S1, these groups | Committee. As a result of the reorganization of T1S1, these groups | |||
will also probably have a new mission and scope. | will also probably have a new mission and scope. | |||
5.4.8. ATIS Optical Transport and Synchronization Committee, formerly | ||||
T1X1 | ||||
http://www.atis.org/0240/index.asp | ||||
ATIS Optical Transport and Synchronization Committee develops and | ||||
recommends standards and prepares technical reports related to | ||||
telecommunications network technology pertaining to network | ||||
synchronization interfaces and hierarchical structures including | ||||
optical technology. | ||||
5.5. CC - Common Criteria | 5.5. CC - Common Criteria | |||
http://www.commoncriteriaportal.org/ | http://www.commoncriteriaportal.org/ | |||
In June 1993, the sponsoring organizations of the existing US, | In June 1993, the sponsoring organizations of the existing US, | |||
Canadian, and European criterias (TCSEC, ITSEC, and similar) started | Canadian, and European criterias (TCSEC, ITSEC, and similar) started | |||
the Common Criteria Project to align their separate criteria into a | the Common Criteria Project to align their separate criteria into a | |||
single set of IT security criteria. | single set of IT security criteria. | |||
5.6. DMTF - Distributed Management Task Force, Inc. | 5.6. DMTF - Distributed Management Task Force, Inc. | |||
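Review bot: The new 5.4.3 heading reads "formerly regarding T1M1 O&B", which looks like the old "regarding" left in place when "formerly" was added; the sibling headings 5.4.4 through 5.4.7 use "formerly" alone. 5.4.8 also stays as "ATIS Protocol Interworking Committee, regarding T1S1" with no acronym and no URL line, while every other renamed ATIS entry in this hunk carries both. Suggest bringing 5.4.3 and 5.4.8 in line with the "ATIS ACRONYM - name, formerly T1 name" pattern, and either adding the committee URL to 5.4.8 or stating that none exists.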
skipping to change at page 14, line 24 | skipping to change at page 14, line 40 | |||
5.7. ETSI - The European Telecommunications Standard Institute | 5.7. ETSI - The European Telecommunications Standard Institute | |||
http://www.etsi.org/ | http://www.etsi.org/ | |||
ETSI is an independent, non-profit organization which produces | ETSI is an independent, non-profit organization which produces | |||
telecommunications standards. ETSI is based in Sophia-Antipolis in | telecommunications standards. ETSI is based in Sophia-Antipolis in | |||
the south of France and maintains a membership from 55 countries. | the south of France and maintains a membership from 55 countries. | |||
Joint work between ETSI and ITU-T SG-17 | Joint work between ETSI and ITU-T SG-17 | |||
http://docbox.etsi.org/OCG/OCG/GSC9/GSC9_JointT%26R/ | http://www.tta.or.kr/gsc/upload/ | |||
GSC9_Joint_011_Security_Standardization_in_ITU.ppt | GSC9_Joint_011_Security_Standardization_in_ITU.ppt | |||
5.8. GGF - Global Grid Forum | 5.8. GGF - Global Grid Forum | |||
http://www.gridforum.org/ | http://www.gridforum.org/ | |||
The Global Grid Forum (GGF) is a community-initiated forum of | The Global Grid Forum (GGF) is a community-initiated forum of | |||
thousands of individuals from industry and research leading the | thousands of individuals from industry and research leading the | |||
global standardization effort for grid computing. GGF's primary | global standardization effort for grid computing. GGF's primary | |||
objectives are to promote and support the development, deployment, | objectives are to promote and support the development, deployment, | |||
and implementation of Grid technologies and applications via the | and implementation of grid technologies and applications via the | |||
creation and documentation of "best practices" - technical | creation and documentation of "best practices" - technical | |||
specifications, user experiences, and implementation guidelines. | specifications, user experiences, and implementation guidelines. | |||
5.9. IEEE - The Institute of Electrical and Electronics Engineers, Inc. | 5.9. IEEE - The Institute of Electrical and Electronics Engineers, Inc. | |||
http://www.ieee.org/ | http://www.ieee.org/ | |||
IEEE is a non-profit, technical professional association of more than | IEEE is a non-profit, professional association of more than 360,000 | |||
360,000 individual members in approximately 175 countries. The IEEE | individual members in approximately 175 countries. The IEEE produces | |||
produces 30 percent of the world's published literature in electrical | 30 percent of the world's published literature in electrical | |||
engineering, computers and control technology through its technical | engineering, computers, and control technology through its technical | |||
publishing, conferences and consensus-based standards activities. | publishing, conferences, and consensus-based standards activities. | |||
5.10. IETF - The Internet Engineering Task Force | 5.10. IETF - The Internet Engineering Task Force | |||
http://www.ietf.org/ | http://www.ietf.org/ | |||
IETF is a large, international community open to any interested | IETF is a large, international community open to any interested | |||
individual concerned with the evolution of the Internet architecture | individual concerned with the evolution of the Internet architecture | |||
and the smooth operation of the Internet. | and the smooth operation of the Internet. | |||
5.11. INCITS - InterNational Committee for Information Technology | 5.11. INCITS - InterNational Committee for Information Technology | |||
Standards | Standards | |||
http://www.incits.org/ | http://www.incits.org/ | |||
INCITS focuses upon standardization in the field of Information and | INCITS focuses upon standardization in the field of Information and | |||
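Review bot: In 5.7 the "Joint work between ETSI and ITU-T SG-17" link moves from docbox.etsi.org to www.tta.or.kr/gsc/upload/, so an entry under the ETSI heading now points at another organization's host with no explanation. Suggest a short phrase saying where the presentation is now hosted (TTA is added as 5.19 in this revision), so readers do not take the changed host for an error. Separately, 5.8 lowercases "grid technologies" while 6.10 keeps "Grid environments"; pick one form.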
skipping to change at page 15, line 18 | skipping to change at page 15, line 34 | |||
5.11. INCITS - InterNational Committee for Information Technology | 5.11. INCITS - InterNational Committee for Information Technology | |||
Standards | Standards | |||
http://www.incits.org/ | http://www.incits.org/ | |||
INCITS focuses upon standardization in the field of Information and | INCITS focuses upon standardization in the field of Information and | |||
Communications Technologies (ICT), encompassing storage, processing, | Communications Technologies (ICT), encompassing storage, processing, | |||
transfer, display, management, organization, and retrieval of | transfer, display, management, organization, and retrieval of | |||
information. | information. | |||
5.12. INCITS Technical Committee T11 - Fibre Channel Interfaces | 5.11.1. INCITS Technical Committee T11 - Fibre Channel Interfaces | |||
http://www.t11.org/index.htm | http://www.t11.org/index.htm | |||
T11 is responsible for standards development in the areas of | T11 is responsible for standards development in the areas of | |||
Intelligent Peripheral Interface (IPI), High-Performance Parallel | Intelligent Peripheral Interface (IPI), High-Performance Parallel | |||
Interface (HIPPI) and Fibre Channel (FC). T11 has a project called | Interface (HIPPI) and Fibre Channel (FC). T11 has a project called | |||
FC-SP to define Security Protocols for Fibre Channel. | FC-SP to define Security Protocols for Fibre Channel. | |||
FC-SP Project Proposal: | FC-SP Project Proposal: | |||
ftp://ftp.t11.org/t11/admin/project_proposals/02-036v2.pdf | ftp://ftp.t11.org/t11/admin/project_proposals/02-036v2.pdf | |||
5.13. ISO - The International Organization for Standardization | 5.12. ISO - The International Organization for Standardization | |||
http://www.iso.org/ | http://www.iso.org/ | |||
ISO is a network of the national standards institutes of 148 | ISO is a network of the national standards institutes of 148 | |||
countries, on the basis of one member per country, with a Central | countries, on the basis of one member per country, with a Central | |||
Secretariat in Geneva, Switzerland, that coordinates the system. ISO | Secretariat in Geneva, Switzerland, that coordinates the system. ISO | |||
officially began operations on February 23, 1947. | officially began operations on February 23, 1947. | |||
5.14. ITU - International Telecommunication Union | 5.13. ITU - International Telecommunication Union | |||
http://www.itu.int/ | http://www.itu.int/ | |||
The ITU is an international organization within the United Nations | The ITU is an international organization within the United Nations | |||
System headquartered in Geneva, Switzerland. The ITU is comprised of | System headquartered in Geneva, Switzerland. The ITU is comprised of | |||
three sectors: | three sectors: | |||
5.14.1. ITU Telecommunication Standardization Sector - ITU-T | 5.13.1. ITU Telecommunication Standardization Sector - ITU-T | |||
http://www.itu.int/ITU-T/ | http://www.itu.int/ITU-T/ | |||
ITU-T's mission is to ensure an efficient and on-time production of | ITU-T's mission is to ensure an efficient and on-time production of | |||
high quality standards covering all fields of telecommunications. | high quality standards covering all fields of telecommunications. | |||
5.14.2. ITU Radiocommunication Sector - ITU-R | 5.13.2. ITU Radiocommunication Sector - ITU-R | |||
http://www.itu.int/ITU-R/ | http://www.itu.int/ITU-R/ | |||
The ITU-R plays a vital role in the management of the radio-frequency | The ITU-R plays a vital role in the management of the radio-frequency | |||
spectrum and satellite orbits. | spectrum and satellite orbits. | |||
5.14.3. ITU Telecom Development - ITU-D | 5.13.3. ITU Telecom Development - ITU-D | |||
(also referred as ITU Telecommunication Development Bureau - BDT) | (also referred as ITU Telecommunication Development Bureau - BDT) | |||
http://www.itu.int/ITU-D/ | http://www.itu.int/ITU-D/ | |||
The Telecommunication Development Bureau (BDT) is the executive arm | The Telecommunication Development Bureau (BDT) is the executive arm | |||
of the Telecommunication Development Sector. Its duties and | of the Telecommunication Development Sector. Its duties and | |||
responsibilities cover a variety of functions ranging from programme | responsibilities cover a variety of functions ranging from programme | |||
supervision and technical advice to the collection, processing and | supervision and technical advice to the collection, processing and | |||
publication of information relevant to telecommunication development. | publication of information relevant to telecommunication development. | |||
5.15. OASIS - Organization for the Advancement of Structured | 5.14. OASIS - Organization for the Advancement of Structured | |||
Information Standards | Information Standards | |||
http://www.oasis-open.org/ | http://www.oasis-open.org/ | |||
OASIS is a not-for-profit, international consortium that drives the | OASIS is a not-for-profit, international consortium that drives the | |||
development, convergence, and adoption of e-business standards. | development, convergence, and adoption of e-business standards. | |||
5.16. OIF - Optical Internetworking Forum | 5.15. OIF - Optical Internetworking Forum | |||
http://www.oiforum.com/ | http://www.oiforum.com/ | |||
On April 20, 1998 Cisco Systems and Ciena Corporation announced an | On April 20, 1998 Cisco Systems and Ciena Corporation announced an | |||
industry-wide initiative to create the Optical Internetworking Forum, | industry-wide initiative to create the Optical Internetworking Forum, | |||
an open forum focused on accelerating the deployment of optical | an open forum focused on accelerating the deployment of optical | |||
internetworks. | internetworks. | |||
5.17. NRIC - The Network Reliability and Interoperability Council | 5.16. NRIC - The Network Reliability and Interoperability Council | |||
http://www.nric.org/ | http://www.nric.org/ | |||
The purposes of the Committee are to give telecommunications industry | The purposes of the Committee are to give telecommunications industry | |||
leaders the opportunity to provide recommendations to the FCC and to | leaders the opportunity to provide recommendations to the FCC and to | |||
the industry that assure optimal reliability and interoperability of | the industry that assure optimal reliability and interoperability of | |||
telecommunications networks. The Committee addresses topics in the | telecommunications networks. The Committee addresses topics in the | |||
area of Homeland Security, reliability, interoperability, and | area of Homeland Security, reliability, interoperability, and | |||
broadband deployment. | broadband deployment. | |||
5.18. National Security Telecommunications Advisory Committee (NSTAC) | 5.17. National Security Telecommunications Advisory Committee (NSTAC) | |||
http://www.ncs.gov/nstac/nstac.html | http://www.ncs.gov/nstac/nstac.html | |||
President Ronald Reagan created the National Security | President Ronald Reagan created the National Security | |||
Telecommunications Advisory Committee (NSTAC) by Executive Order | Telecommunications Advisory Committee (NSTAC) by Executive Order | |||
12382 in September 1982. Since then, the NSTAC has served four | 12382 in September 1982. Since then, the NSTAC has served four | |||
presidents. Composed of up to 30 industry chief executives | presidents. Composed of up to 30 industry chief executives | |||
representing the major communications and network service providers | representing the major communications and network service providers | |||
and information technology, finance, and aerospace companies, the | and information technology, finance, and aerospace companies, the | |||
NSTAC provides industry-based advice and expertise to the President | NSTAC provides industry-based advice and expertise to the President | |||
on issues and problems related to implementing national security and | on issues and problems related to implementing national security and | |||
emergency preparedness (NS/EP) communications policy. Since its | emergency preparedness (NS/EP) communications policy. Since its | |||
inception, the NSTAC has addressed a wide range of policy and | inception, the NSTAC has addressed a wide range of policy and | |||
technical issues regarding communications, information systems, | technical issues regarding communications, information systems, | |||
information assurance, critical infrastructure protection, and other | information assurance, critical infrastructure protection, and other | |||
NS/EP communications concerns. | NS/EP communications concerns. | |||
5.19. TIA - The Telecommunications Industry Association | 5.18. TIA - The Telecommunications Industry Association | |||
http://www.tiaonline.org/ | http://www.tiaonline.org/ | |||
TIA is accredited by ANSI to develop voluntary industry standards for | TIA is accredited by ANSI to develop voluntary industry standards for | |||
a wide variety of telecommunications products. TIA's Standards and | a wide variety of telecommunications products. TIA's Standards and | |||
Technology Department is composed of five divisions: Fiber Optics, | Technology Department is composed of five divisions: Fiber Optics, | |||
User Premises Equipment, Network Equipment, Wireless Communications | User Premises Equipment, Network Equipment, Wireless Communications | |||
and Satellite Communications. | and Satellite Communications. | |||
5.19. TTA - Telecommunications Technology Association | ||||
http://www.tta.or.kr/Home2003/main/index.jsp | ||||
http://www.tta.or.kr/English/new/main/index.htm (English) | ||||
TTA (Telecommunications Technology Association) is a IT standards | ||||
organization that develops new standards and provides one-stop | ||||
services for the establishment of IT standards as well as providing | ||||
testing and certification for IT products. | ||||
5.20. Web Services Interoperability Organization (WS-I) | 5.20. Web Services Interoperability Organization (WS-I) | |||
http://www.ws-i.org/ | http://www.ws-i.org/ | |||
WS-I is an open, industry organization chartered to promote Web | WS-I is an open, industry organization chartered to promote Web | |||
services interoperability across platforms, operating systems, and | services interoperability across platforms, operating systems, and | |||
programming languages. The organization works across the industry | programming languages. The organization works across the industry | |||
and standards organizations to respond to customer needs by providing | and standards organizations to respond to customer needs by providing | |||
guidance, best practices, and resources for developing Web services | guidance, best practices, and resources for developing Web services | |||
solutions. | solutions. | |||
skipping to change at page 19, line 28 | skipping to change at page 20, line 28 | |||
Documents: | Documents: | |||
http://webstore.ansi.org/ansidocstore/product.asp?sku=T1%2E276%2D2003 | http://webstore.ansi.org/ansidocstore/product.asp?sku=T1%2E276%2D2003 | |||
6.4. DMTF - Security Protection and Management (SPAM) Working Group | 6.4. DMTF - Security Protection and Management (SPAM) Working Group | |||
http://www.dmtf.org/about/committees/spamWGCharter.pdf | http://www.dmtf.org/about/committees/spamWGCharter.pdf | |||
The Working Group will define a CIM Common Model that addresses | The Working Group will define a CIM Common Model that addresses | |||
security protection and detection technologies, which may include | security protection and detection technologies, which may include | |||
devices and services, and classifies security information, attacks | devices and services, and classifies security information, attacks, | |||
and responses. | and responses. | |||
6.5. DMTF - User and Security Working Group | 6.5. DMTF - User and Security Working Group | |||
http://www.dmtf.org/about/committees/userWGCharter.pdf | http://www.dmtf.org/about/committees/userWGCharter.pdf | |||
The User and Security Working Group defines objects and access | The User and Security Working Group defines objects and access | |||
methods required for principals - where principals include users, | methods required for principals - where principals include users, | |||
groups, software agents, systems, and organizations. | groups, software agents, systems, and organizations. | |||
6.6. ATIS Security & Emergency Preparedness Activities | 6.6. ATIS Work-Plan to Achieve Interoperable, Implementable, End-To-End | |||
http://www.atis.org/atis/atisinfo/emergency/ | ||||
security_committee_activities_T1.htm | ||||
The link above contains the description of the ATIS Communications | ||||
Security Model, the scopes of the Technical Subcommittees in relation | ||||
to the security model, and a list of published documents produced by | ||||
ATIS addressed to various aspects of network security. | ||||
6.7. ATIS Work-Plan to Achieve Interoperable, Implementable, End-To-End | ||||
Standards and Solutions | Standards and Solutions | |||
ftp://ftp.t1.org/T1M1/NEW-T1M1.0/3M101940.pdf | ftp://ftp.t1.org/T1M1/NEW-T1M1.0/3M101940.pdf | |||
The ATIS TOPS Security Focus Group has made recommendations on work | The ATIS TOPS Security Focus Group has made recommendations on work | |||
items needed to be performed by other SDOs. | items needed to be performed by other SDOs. | |||
6.7.1. ATIS Work on Packet Filtering | 6.6.1. ATIS Work on Packet Filtering | |||
A part of the ATIS Work Plan was to define how disruptions may be | A part of the ATIS Work Plan was to define how disruptions may be | |||
prevented by filtering unwanted traffic at the edges of the network. | prevented by filtering unwanted traffic at the edges of the network. | |||
ATIS is developing this work in a document titled, "Traffic Filtering | ATIS is developing this work in a document titled, "Traffic Filtering | |||
for the Prevention of Unwanted Traffic". | for the Prevention of Unwanted Traffic". | |||
6.8. ATIS Work on the NGN | 6.7. ATIS Work on the NGN | |||
http://www.atis.org/tops/WebsiteDocuments/ NGN/Working%20Docs/ | http://www.atis.org/tops/WebsiteDocuments/ NGN/Working%20Docs/ | |||
Part%20I/ATIS_NGN_Part_1_Issue1.pdf | Part%20I/ATIS_NGN_Part_1_Issue1.pdf | |||
In November 2004, ATIS released Part I of the ATIS NGN-FG efforts | In November 2004, ATIS released Part I of the ATIS NGN-FG efforts | |||
entitled, "ATIS Next Generation Network (NGN) Framework Part I: NGN | entitled, "ATIS Next Generation Network (NGN) Framework Part I: NGN | |||
Definitions, Requirements, and Architecture, Issue 1.0, November | Definitions, Requirements, and Architecture, Issue 1.0, November | |||
2004." | 2004." | |||
6.9. Common Criteria | 6.8. Common Criteria | |||
http://www.commoncriteriaportal.org/ | http://www.commoncriteriaportal.org/ | |||
Version 1.0 of the CC was completed in January 1996. Based on a | Version 1.0 of the CC was completed in January 1996. Based on a | |||
number of trial evaluations and an extensive public review, Version | number of trial evaluations and an extensive public review, Version | |||
1.0 was extensively revised and CC Version 2.0 was produced in April | 1.0 was extensively revised and CC Version 2.0 was produced in April | |||
of 1998. This became ISO International Standard 15408 in 1999. The | of 1998. This became ISO International Standard 15408 in 1999. The | |||
CC Project subsequently incorporated the minor changes that had | CC Project subsequently incorporated the minor changes that had | |||
resulted in the ISO process, producing CC version 2.1 in August 1999. | resulted in the ISO process, producing CC version 2.1 in August 1999. | |||
Version 3.0 was published in June 2005 and is available for comment. | Version 3.0 was published in June 2005 and is available for comment. | |||
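Review bot: Old 6.6 "ATIS Security & Emergency Preparedness Activities" is deleted outright, and with it the pointer to the ATIS Communications Security Model and the list of published ATIS security documents; none of the remaining ATIS entries in this hunk (6.6, 6.6.1, 6.7) replaces it. If the linked page is gone, say so in the change log; if it moved, carry the new link. The URL under "ATIS Work on the NGN" also has a space after "WebsiteDocuments/" in both versions, which breaks the link when copied.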
skipping to change at page 21, line 5 | skipping to change at page 21, line 41 | |||
Part 1: Introduction and general model | Part 1: Introduction and general model | |||
Part 2: Security functional components | Part 2: Security functional components | |||
Part 3: Security assurance components | Part 3: Security assurance components | |||
Documents: Common Criteria V2.3 | Documents: Common Criteria V2.3 | |||
http://www.commoncriteriaportal.org/public/expert/index.php?menu=2 | http://www.commoncriteriaportal.org/public/expert/index.php?menu=2 | |||
6.10. ETSI | 6.9. ETSI | |||
http://www.etsi.org/ | http://www.etsi.org/ | |||
The ETSI hosted the ETSI Global Security Conference in late November, | The ETSI hosted the ETSI Global Security Conference in late November, | |||
2003, which could lead to a standard. | 2003, which could lead to a standard. | |||
Groups related to security located from the ETSI Groups Portal: | Groups related to security located from the ETSI Groups Portal: | |||
OCG Security | OCG Security | |||
3GPP SA3 | 3GPP SA3 | |||
TISPAN WG7 | TISPAN WG7 | |||
6.11. GGF Security Area (SEC) | 6.10. GGF Security Area (SEC) | |||
https://forge.gridforum.org/projects/sec/ | https://forge.gridforum.org/projects/sec/ | |||
The Security Area (SEC) is concerned with various issues relating to | The Security Area (SEC) is concerned with various issues relating to | |||
authentication and authorization in Grid environments. | authentication and authorization in Grid environments. | |||
Working groups: | Working groups: | |||
Authorization Frameworks and Mechanisms WG (AuthZ-WG) - | Authorization Frameworks and Mechanisms WG (AuthZ-WG) - | |||
https://forge.gridforum.org/projects/authz-wg | https://forge.gridforum.org/projects/authz-wg | |||
Certificate Authority Operations Working Group (CAOPS-WG) - | Certificate Authority Operations Working Group (CAOPS-WG) - | |||
https://forge.gridforum.org/projects/caops-wg | https://forge.gridforum.org/projects/caops-wg | |||
OGSA Authorization Working Group (OGSA-AUTHZ) - | OGSA Authorization Working Group (OGSA-AUTHZ) - | |||
https://forge.gridforum.org/projects/ogsa-authz | https://forge.gridforum.org/projects/ogsa-authz | |||
Grid Security Infrastructure (GSI-WG) - | Grid Security Infrastructure (GSI-WG) - | |||
https://forge.gridforum.org/projects/gsi-wg | https://forge.gridforum.org/projects/gsi-wg | |||
6.12. Information System Security Assurance Architecture | 6.11. Information System Security Assurance Architecture | |||
IEEE Working Group - http://issaa.org/ | IEEE Working Group - http://issaa.org/ | |||
Formerly the Security Certification and Accreditation of Information | Formerly the Security Certification and Accreditation of Information | |||
Systems (SCAISWG), IEEE Project 1700's purpose is to develop a draft | Systems (SCAISWG), IEEE Project 1700's purpose is to develop a draft | |||
Standard for Information System Security Assurance Architecture for | Standard for Information System Security Assurance Architecture for | |||
ballot and during the process begin development of a suite of | ballot and during the process begin development of a suite of | |||
associated standards for components of that architecture. | associated standards for components of that architecture. | |||
Documents: http://issaa.org/documents/index.html | Documents: http://issaa.org/documents/index.html | |||
6.13. Operational Security Requirements for IP Network Infrastructure : | 6.12. Operational Security Requirements for IP Network Infrastructure : | |||
Advanced Requirements | Advanced Requirements | |||
IETF RFC 3871 | IETF RFC 3871 | |||
Abstract: This document defines a list of operational security | Abstract: This document defines a list of operational security | |||
requirements for the infrastructure of large ISP IP networks (routers | requirements for the infrastructure of large ISP IP networks (routers | |||
and switches). A framework is defined for specifying "profiles", | and switches). A framework is defined for specifying "profiles", | |||
which are collections of requirements applicable to certain network | which are collections of requirements applicable to certain network | |||
topology contexts (all, core-only, edge-only...). The goal is to | topology contexts (all, core-only, edge-only...). The goal is to | |||
provide network operators a clear, concise way of communicating their | provide network operators a clear, concise way of communicating their | |||
security requirements to vendors. | security requirements to vendors. | |||
Documents: | Documents: | |||
ftp://ftp.rfc-editor.org/in-notes/rfc3871.txt | ftp://ftp.rfc-editor.org/in-notes/rfc3871.txt | |||
6.14. INCITS Technical Committee T4 - Security Techniques | 6.13. INCITS CS1 - Cyber Security | |||
http://www.incits.org/tc_home/t4.htm | ||||
Technical Committee T4, Security Techniques, participates in the | ||||
standardization of generic methods for information technology | ||||
security. This includes development of: security techniques and | ||||
mechanisms; security guidelines; security evaluation criteria; and | ||||
identification of generic requirements for information technology | ||||
system security services. | ||||
6.15. INCITS CS1 - Cyber Security | ||||
http://www.incits.org/tc_home/cs1.htm | http://cs1.incits.org/ | |||
INCITS/CS1 was established in April 2005 to serve as the US TAG for | INCITS/CS1 was established in April 2005 to serve as the US TAG for | |||
ISO/IEC JTC 1/SC 27 and all SC 27 Working Groups except WG 2 | ISO/IEC JTC 1/SC 27 and all SC 27 Working Groups except WG 2 | |||
(INCITS/T4 serves as the US TAG to SC 27/WG 2). | (INCITS/T4 serves as the US TAG to SC 27/WG 2). | |||
The scope of CS1 explicitly excludes the areas of work on cyber | The scope of CS1 explicitly excludes the areas of work on cyber | |||
security standardization presently underway in INCITS B10, M1 and T3; | security standardization presently underway in INCITS B10, M1 and T3; | |||
as well as other standard groups, such as ATIS, IEEE, IETF, TIA, and | as well as other standard groups, such as ATIS, IEEE, IETF, TIA, and | |||
X9. INCITS T4's area of work would be narrowed to cryptography | X9. INCITS T4's area of work would be narrowed to cryptography | |||
projects in ISO/IEC JTC 1/SC 27 WG 2 (Security techniques and | projects in ISO/IEC JTC 1/SC 27 WG 2 (Security techniques and | |||
mechanisms). | mechanisms). | |||
6.16. ISO Guidelines for the Management of IT Security - GMITS | 6.14. ISO Guidelines for the Management of IT Security - GMITS | |||
Guidelines for the Management of IT Security -- Part 1: Concepts and | Guidelines for the Management of IT Security -- Part 1: Concepts and | |||
models for IT Security | models for IT Security | |||
http://www.iso.ch/iso/en/ | http://www.iso.ch/iso/en/ | |||
CatalogueDetailPage.CatalogueDetail?CSNUMBER=21733&ICS1=35 | CatalogueDetailPage.CatalogueDetail?CSNUMBER=21733&ICS1=35 | |||
Guidelines for the Management of IT Security -- Part 2: Managing and | Guidelines for the Management of IT Security -- Part 2: Managing and | |||
planning IT Security | planning IT Security | |||
http://www.iso.org/iso/en/ | http://www.iso.org/iso/en/ | |||
CatalogueDetailPage.CatalogueDetail?CSNUMBER=21755&ICS1=35&ICS2=40& | CatalogueDetailPage.CatalogueDetail?CSNUMBER=21755&ICS1=35&ICS2=40& | |||
ICS3= | ICS3= | |||
skipping to change at page 23, line 41 | skipping to change at page 24, line 19 | |||
http://www.iso.org/iso/en/ | http://www.iso.org/iso/en/ | |||
CatalogueDetailPage.CatalogueDetail?CSNUMBER=31142&ICS1=35&ICS2=40& | CatalogueDetailPage.CatalogueDetail?CSNUMBER=31142&ICS1=35&ICS2=40& | |||
ICS3= | ICS3= | |||
Open Systems Interconnection -- Network layer security protocol | Open Systems Interconnection -- Network layer security protocol | |||
http://www.iso.org/iso/en/ | http://www.iso.org/iso/en/ | |||
CatalogueDetailPage.CatalogueDetail?CSNUMBER=22084&ICS1=35&ICS2=100& | CatalogueDetailPage.CatalogueDetail?CSNUMBER=22084&ICS1=35&ICS2=100& | |||
ICS3=30 | ICS3=30 | |||
6.17. ISO JTC 1/SC 27 | 6.15. ISO JTC 1/SC 27 | |||
http://www.iso.ch/iso/en/stdsdevelopment/techprog/workprog/ | http://www.iso.ch/iso/en/stdsdevelopment/techprog/workprog/ | |||
TechnicalProgrammeSCDetailPage.TechnicalProgrammeSCDetail?COMMID=143 | TechnicalProgrammeSCDetailPage.TechnicalProgrammeSCDetail?COMMID=143 | |||
Several security related ISO projects under JTC 1/SC 27 are listed | Several security related ISO projects under JTC 1/SC 27 are listed | |||
here such as: | here such as: | |||
IT security techniques -- Entity authentication | IT security techniques -- Entity authentication | |||
Security techniques -- Key management | Security techniques -- Key management | |||
Security techniques -- Evaluation criteria for IT security | Security techniques -- Evaluation criteria for IT security | |||
Security techniques -- A framework for IT security assurance | Security techniques -- A framework for IT security assurance | |||
IT Security techniques -- Code of practice for information | IT Security techniques -- Code of practice for information | |||
security management | security management | |||
Security techniques -- IT network security | Security techniques -- IT network security | |||
skipping to change at page 24, line 21 | skipping to change at page 24, line 46 | |||
security management | security management | |||
Security techniques -- IT network security | Security techniques -- IT network security | |||
Guidelines for the implementation, operation and management of | Guidelines for the implementation, operation and management of | |||
Intrusion Detection Systems (IDS) | Intrusion Detection Systems (IDS) | |||
International Security, Trust, and Privacy Alliance -- Privacy | International Security, Trust, and Privacy Alliance -- Privacy | |||
Framework | Framework | |||
6.18. ITU-T Study Group 2 | 6.16. ITU-T Study Group 2 | |||
http://www.itu.int/ITU-T/studygroups/com02/index.asp | http://www.itu.int/ITU-T/studygroups/com02/index.asp | |||
Security related recommendations currently under study: | Security related recommendations currently under study: | |||
E.408 Telecommunication networks security requirements Q.5/2 (was | E.408 Telecommunication networks security requirements Q.5/2 (was | |||
E.sec1) | E.sec1) | |||
E.409 Incident Organisation and Security Incident Handling Q.5/2 | E.409 Incident Organisation and Security Incident Handling Q.5/2 | |||
(was E.sec2) | (was E.sec2) | |||
Note: Access requires TIES account. | Note: Access requires TIES account. | |||
6.19. ITU-T Recommendation M.3016 | 6.17. ITU-T Recommendation M.3016 | |||
http://www.itu.int/itudoc/itu-t/com4/contr/068.html | http://www.itu.int/itudoc/itu-t/com4/contr/068.html | |||
This recommendation provides an overview and framework that | This recommendation provides an overview and framework that | |||
identifies the security requirements of a TMN and outlines how | identifies the security requirements of a TMN and outlines how | |||
available security services and mechanisms can be applied within the | available security services and mechanisms can be applied within the | |||
context of the TMN functional architecture. | context of the TMN functional architecture. | |||
Question 18 of Study Group 3 is revising Recommendation M.3016. They | Question 18 of Study Group 3 is revising Recommendation M.3016. They | |||
have taken the original document and are incorporating thoughts from | have taken the original document and are incorporating thoughts from | |||
skipping to change at page 25, line 4 | skipping to change at page 25, line 28 | |||
identifies the security requirements of a TMN and outlines how | identifies the security requirements of a TMN and outlines how | |||
available security services and mechanisms can be applied within the | available security services and mechanisms can be applied within the | |||
context of the TMN functional architecture. | context of the TMN functional architecture. | |||
Question 18 of Study Group 3 is revising Recommendation M.3016. They | Question 18 of Study Group 3 is revising Recommendation M.3016. They | |||
have taken the original document and are incorporating thoughts from | have taken the original document and are incorporating thoughts from | |||
ITU-T Recommendation X.805 and from ANSI T1.276-2003. The group has | ITU-T Recommendation X.805 and from ANSI T1.276-2003. The group has | |||
produced a new series of documents. | produced a new series of documents. | |||
M.3016.0 - Overview | M.3016.0 - Overview | |||
M.3016.1 - Requirements | M.3016.1 - Requirements | |||
M.3016.2 - Services | M.3016.2 - Services | |||
M.3016.3 - Mechanisms | M.3016.3 - Mechanisms | |||
M.3016.4 - Profiles | M.3016.4 - Profiles | |||
6.20. ITU-T Recommendation X.805 | 6.18. ITU-T Recommendation X.805 | |||
http://www.itu.int/itudoc/itu-t/aap/sg17aap/history/x805/x805.html | http://www.itu.int/itudoc/itu-t/aap/sg17aap/history/x805/x805.html | |||
This Recommendation defines the general security-related | This Recommendation defines the general security-related | |||
architectural elements that, when appropriately applied, can provide | architectural elements that, when appropriately applied, can provide | |||
end-to-end network security. | end-to-end network security. | |||
6.21. ITU-T Study Group 16 | 6.19. ITU-T Study Group 16 | |||
http://www.itu.int/ITU-T/studygroups/com16/index.asp | http://www.itu.int/ITU-T/studygroups/com16/index.asp | |||
Security of Multimedia Systems and Services - Question G/16 | Multimedia Security in Next-Generation Networks (NGN-MM-SEC) | |||
http://www.itu.int/ITU-T/studygroups/com16/sg16-qg.html | http://www.itu.int/ITU-T/studygroups/com16/sg16-q25.html | |||
6.22. ITU-T Study Group 17 | 6.20. ITU-T Study Group 17 | |||
http://www.itu.int/ITU-T/studygroups/com17/index.asp | http://www.itu.int/ITU-T/studygroups/com17/index.asp | |||
ITU-T Study Group 17 is the Lead Study Group on Communication System | ITU-T Study Group 17 is the Lead Study Group on Communication System | |||
Security | Security | |||
http://www.itu.int/ITU-T/studygroups/com17/cssecurity.html | http://www.itu.int/ITU-T/studygroups/com17/cssecurity.html | |||
Study Group 17 Security Project: | Study Group 17 Security Project: | |||
http://www.itu.int/ITU-T/studygroups/com17/security/index.html | http://www.itu.int/ITU-T/studygroups/com17/security/index.html | |||
During its November 2002 meeting, Study Group 17 agreed to establish | During its November 2002 meeting, Study Group 17 agreed to establish | |||
a new project entitled "Security Project" under the leadership of | a new project entitled "Security Project" under the leadership of | |||
Q.10/17 to coordinate the ITU-T standardization effort on security. | Q.10/17 to coordinate the ITU-T standardization effort on security. | |||
An analysis of the status on ITU-T Study Group action on information | An analysis of the status on ITU-T Study Group action on information | |||
and communication network security may be found in TSB Circular 147 | and communication network security may be found in TSB Circular 147 | |||
of 14 February 2003. | of 14 February 2003. | |||
6.23. Catalogue of ITU-T Recommendations related to Communications | 6.21. Catalogue of ITU-T Recommendations related to Communications | |||
System Security | System Security | |||
http://www.itu.int/itudoc/itu-t/com17/activity/cat004.html | http://www.itu.int/itudoc/itu-t/com17/activity/cat004.html | |||
The Catalogue of the approved security Recommendations include those, | The Catalogue of the approved security Recommendations include those, | |||
designed for security purposes and those, which describe or use of | designed for security purposes and those, which describe or use of | |||
functions of security interest and need. Although some of the | functions of security interest and need. Although some of the | |||
security related Recommendations includes the phrase "Open Systems | security related Recommendations includes the phrase "Open Systems | |||
Interconnection", much of the information contained in them is | Interconnection", much of the information contained in them is | |||
pertinent to the establishment of security functionality in any | pertinent to the establishment of security functionality in any | |||
communicating system. | communicating system. | |||
6.24. ITU-T Security Manual | 6.22. ITU-T Security Manual | |||
http://www.itu.int/ITU-T/edh/files/security-manual.pdf | http://www.itu.int/ITU-T/edh/files/security-manual.pdf | |||
TSB is preparing an "ITU-T Security Manual" to provide an overview on | TSB is preparing an "ITU-T Security Manual" to provide an overview on | |||
security in telecommunications and information technologies, describe | security in telecommunications and information technologies, describe | |||
practical issues, and indicate how the different aspects of security | practical issues, and indicate how the different aspects of security | |||
in today's applications are addressed by ITU-T Recommendations. This | in today's applications are addressed by ITU-T Recommendations. This | |||
manual has a tutorial character: it collects security related | manual has a tutorial character: it collects security related | |||
material from ITU-T Recommendations into one place and explains the | material from ITU-T Recommendations into one place and explains the | |||
respective relationships. The intended audience for this manual is | respective relationships. The intended audience for this manual are | |||
engineers and product managers, students and academia, as well as | engineers and product managers, students and academia, as well as | |||
regulators who want to better understand security aspects in | regulators who want to better understand security aspects in | |||
practical applications. | practical applications. | |||
6.25. ITU-T NGN Effort | 6.23. ITU-T NGN Effort | |||
http://www.itu.int/ITU-T/2001-2004/com13/ngn2004/index.html | http://www.itu.int/ITU-T/2001-2004/com13/ngn2004/index.html | |||
During its January 2002 meeting, SG13 decided to undertake the | During its January 2002 meeting, SG13 decided to undertake the | |||
preparation of a new ITU-T Project entitled "NGN 2004 Project". At | preparation of a new ITU-T Project entitled "NGN 2004 Project". At | |||
the November 2002 SG13 meeting, a preliminary description of the | the November 2002 SG13 meeting, a preliminary description of the | |||
Project was achieved and endorsed by SG13 with the goal to launch the | Project was achieved and endorsed by SG13 with the goal to launch the | |||
Project. It is regularly updated since then. | Project. It is regularly updated since then. | |||
The role of the NGN 2004 Project is to organize and to coordinate | The role of the NGN 2004 Project is to organize and to coordinate | |||
ITU-T activities on Next Generation Networks. Its target is to | ITU-T activities on Next Generation Networks. Its target is to | |||
produce a first set of Recommendations on NGN by the end of this | produce a first set of Recommendations on NGN by the end of this | |||
study period, i.e. mid-2004. | study period, i.e. mid-2004. | |||
6.26. NRIC VI Focus Groups | 6.24. NRIC VI Focus Groups | |||
http://www.nric.org/fg/index.html | http://www.nric.org/fg/index.html | |||
The Network Reliability and Interoperability Council (NRIC) was | The Network Reliability and Interoperability Council (NRIC) was | |||
formed with the purpose to provide recommendations to the FCC and to | formed with the purpose to provide recommendations to the FCC and to | |||
the industry to assure the reliability and interoperability of | the industry to assure the reliability and interoperability of | |||
wireless, wireline, satellite, and cable public telecommunications | wireless, wireline, satellite, and cable public telecommunications | |||
networks. These documents provide general information and guidance | networks. These documents provide general information and guidance | |||
on NRIC Focus Group 1B (Cybersecurity) Best Practices for the | on NRIC Focus Group 1B (Cybersecurity) Best Practices for the | |||
prevention of cyberattack and for restoration following a | prevention of cyberattack and for restoration following a | |||
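Review bot: In the ITU-T Security Manual paragraph (6.22 on the -04 side), "The intended audience for this manual is" was changed to "are", but the subject "audience" is singular, so the -03 wording was correct and this edit should be reverted. The Catalogue paragraph just above it is unchanged on both sides and still reads "include those, designed for security purposes and those, which describe or use of functions" and "Recommendations includes"; if this revision is making grammar fixes, that sentence is the one that needs them.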
skipping to change at page 27, line 17 | skipping to change at page 27, line 43 | |||
Documents: | Documents: | |||
Homeland Defense - Recommendations Published 14-Mar-03 | Homeland Defense - Recommendations Published 14-Mar-03 | |||
Preventative Best Practices - Recommendations Published 14-Mar-03 | Preventative Best Practices - Recommendations Published 14-Mar-03 | |||
Recovery Best Practices - Recommendations Published 14-Mar-03 | Recovery Best Practices - Recommendations Published 14-Mar-03 | |||
Best Practice Appendices - Recommendations Published 14-Mar-03 | Best Practice Appendices - Recommendations Published 14-Mar-03 | |||
6.27. OASIS Security Joint Committee | 6.25. OASIS Security Joint Committee | |||
http://www.oasis-open.org/committees/ | http://www.oasis-open.org/committees/ | |||
tc_home.php?wg_abbrev=security-jc | tc_home.php?wg_abbrev=security-jc | |||
The purpose of the Security JC is to coordinate the technical | The purpose of the Security JC is to coordinate the technical | |||
activities of multiple security related TCs. The SJC is advisory | activities of multiple security related TCs. The SJC is advisory | |||
only, and has no deliverables. The Security JC will promote the use | only, and has no deliverables. The Security JC will promote the use | |||
of consistent terms, promote re-use, champion an OASIS security | of consistent terms, promote re-use, champion an OASIS security | |||
standards model, provide consistent PR, and promote mutuality, | standards model, provide consistent PR, and promote mutuality, | |||
operational independence and ethics. | operational independence and ethics. | |||
6.28. OASIS Security Services TC | 6.26. OASIS Security Services (SAML) TC | |||
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security | http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security | |||
The Security Services TC is working to advance the Security Assertion | The Security Services TC is working to advance the Security Assertion | |||
Markup Language (SAML) as an OASIS standard. SAML is an XML | Markup Language (SAML) as an OASIS standard. SAML is an XML | |||
framework for exchanging authentication and authorization | framework for exchanging authentication and authorization | |||
information. | information. | |||
6.29. OIF Implementation Agreements | 6.27. OIF Implementation Agreements | |||
The OIF has 2 approved Implementation Agreements (IAs) relating to | The OIF has 2 approved Implementation Agreements (IAs) relating to | |||
security. They are: | security. They are: | |||
OIF-SMI-01.0 - Security Management Interfaces to Network Elements | OIF-SMI-01.0 - Security Management Interfaces to Network Elements | |||
This Implementation Agreement lists objectives for securing OAM&P | This Implementation Agreement lists objectives for securing OAM&P | |||
interfaces to a Network Element and then specifies ways of using | interfaces to a Network Element and then specifies ways of using | |||
security systems (e.g., IPsec or TLS) for securing these interfaces. | security systems (e.g., IPsec or TLS) for securing these interfaces. | |||
It summarizes how well each of the systems, used as specified, | It summarizes how well each of the systems, used as specified, | |||
skipping to change at page 28, line 4 | skipping to change at page 28, line 29 | |||
OIF-SMI-01.0 - Security Management Interfaces to Network Elements | OIF-SMI-01.0 - Security Management Interfaces to Network Elements | |||
This Implementation Agreement lists objectives for securing OAM&P | This Implementation Agreement lists objectives for securing OAM&P | |||
interfaces to a Network Element and then specifies ways of using | interfaces to a Network Element and then specifies ways of using | |||
security systems (e.g., IPsec or TLS) for securing these interfaces. | security systems (e.g., IPsec or TLS) for securing these interfaces. | |||
It summarizes how well each of the systems, used as specified, | It summarizes how well each of the systems, used as specified, | |||
satisfies the objectives. | satisfies the objectives. | |||
OIF - SEP - 01.1 - Security Extension for UNI and NNI | OIF - SEP - 01.1 - Security Extension for UNI and NNI | |||
This Implementation Agreement defines a common Security Extension for | This Implementation Agreement defines a common Security Extension for | |||
securing the protocols used in UNI 1.0, UNI 2.0, and NNI. | securing the protocols used in UNI 1.0, UNI 2.0, and NNI. | |||
Documents: http://www.oiforum.com/public/documents/Security-IA.pdf | Documents: http://www.oiforum.com/public/documents/Security-IA.pdf | |||
6.30. TIA | 6.28. TIA | |||
The TIA has produced the "Compendium of Emergency Communications and | The TIA has produced the "Compendium of Emergency Communications and | |||
Communications Network Security-related Work Activities". This | Communications Network Security-related Work Activities". This | |||
document identifies standards, or other technical documents and | document identifies standards, or other technical documents and | |||
ongoing Emergency/Public Safety Communications and Communications | ongoing Emergency/Public Safety Communications and Communications | |||
Network Security-related work activities within TIA and it's | Network Security-related work activities within TIA and it's | |||
Engineering Committees. Many P25 documents are specifically | Engineering Committees. Many P25 documents are specifically | |||
detailed. This "living document" is presented for information, | detailed. This "living document" is presented for information, | |||
coordination and reference. | coordination and reference. | |||
Documents: http://www.tiaonline.org/standards/cip/EMTEL_sec.pdf | Documents: http://www.tiaonline.org/standards/technology/ciphs/ | |||
documents/EMTEL_sec.pdf | ||||
6.31. WS-I Basic Security Profile | 6.29. WS-I Basic Security Profile | |||
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html | http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html | |||
The WS-I Basic Security Profile 1.0 consists of a set of non- | The WS-I Basic Security Profile 1.0 consists of a set of non- | |||
proprietary Web services specifications, along with clarifications | proprietary Web services specifications, along with clarifications | |||
and amendments to those specifications which promote | and amendments to those specifications which promote | |||
interoperability. | interoperability. | |||
7. Security Considerations | 7. Security Considerations | |||
This document describes efforts to standardize security practices and | This document describes efforts to standardize security practices and | |||
documents. As such this document offers no security guidance | documents. As such this document offers no security guidance | |||
whatsoever. | whatsoever. | |||
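Review bot: The TIA paragraph still reads "within TIA and it's Engineering Committees" on both sides; the possessive should be "its", and since -04 already edits this entry's link, this is the place to fix it. The replacement URL is now broken across two lines after "ciphs/", so check that the rendered draft makes clear "documents/EMTEL_sec.pdf" continues the same link. The unchanged "OIF - SEP - 01.1" is also spaced differently from "OIF-SMI-01.0" two paragraphs earlier and should be made consistent.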
skipping to change at page 33, line 12 | skipping to change at page 34, line 12 | |||
-03 : Third revision of the WG ID. | -03 : Third revision of the WG ID. | |||
Updated the date. | Updated the date. | |||
Updated the information about the CC | Updated the information about the CC | |||
Added a Conventions section (not sure how this document got to | Added a Conventions section (not sure how this document got to | |||
where it is without that) | where it is without that) | |||
-04 : Fourth revision of the WG ID. | ||||
Updated the date. | ||||
Added Anne & Lynn Wheeler Taxonomy & Security Glossary | ||||
CIAO glossary removed. CIAO has been absorbed by DHS and the | ||||
glossary is no longer available. | ||||
USC glossary removed, could not find it on the site or a reference | ||||
to it elsewhere. | ||||
Added TTA - Telecommunications Technology Association to SDO | ||||
section. | ||||
Removed ATIS Security & Emergency Preparedness Activities from | ||||
Documents section. Could not find it or a reference to it. | ||||
INCITS T4 incorporated into CS1 - T4 section removed | ||||
X9 Added to SDO list under ANSI | ||||
Various link or grammar fixes. | ||||
Note: This section will be removed before publication as an RFC. | Note: This section will be removed before publication as an RFC. | |||
11. Normative References | 11. Normative References | |||
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement | [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement | |||
Levels", RFC 2119, STD 14, March 1997. | Levels", RFC 2119, STD 14, March 1997. | |||
Authors' Addresses | Authors' Addresses | |||
Chris Lonvick | Chris Lonvick | |||
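Review bot: The -04 change log is missing entries for two content changes visible in this diff: the Study Group 16 item is retitled to "Multimedia Security in Next-Generation Networks (NGN-MM-SEC)" with a new sg16-q25.html link, and the OASIS entry is renamed "OASIS Security Services (SAML) TC". Neither is a link or grammar fix, so "Various link or grammar fixes" does not cover them; list each on its own line. The new entries also mix terminated and unterminated sentences ("section." versus "T4 section removed"), which is worth making uniform even though the section is dropped before publication.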
End of changes. 92 change blocks. | ||||
215 lines changed or deleted | 241 lines changed or added | |||
This html diff was produced by rfcdiff 1.32. The latest version is available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |