--- 1/draft-ietf-opsec-efforts-07.txt 2008-06-06 23:12:29.000000000 +0200 +++ 2/draft-ietf-opsec-efforts-08.txt 2008-06-06 23:12:29.000000000 +0200 @@ -1,18 +1,18 @@ Network Working Group C. Lonvick Internet-Draft D. Spak -Expires: June 19, 2008 Cisco Systems - December 17, 2007 +Expires: December 8, 2008 Cisco Systems + June 6, 2008 Security Best Practices Efforts and Documents - draft-ietf-opsec-efforts-07.txt + draft-ietf-opsec-efforts-08.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that 
@@ -23,41 +23,41 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on June 19, 2008. + This Internet-Draft will expire on December 8, 2008. Copyright Notice - Copyright (C) The IETF Trust (2007). + Copyright (C) The IETF Trust (2008). Abstract This document provides a snapshot of the current efforts to define or apply security requirements in various Standards Developing Organizations (SDO). Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Format of this Document . . . . . . . . . . . . . . . . . . . 7 3. Online Security Glossaries . . . . . . . . . . . . . . . . . . 8 3.1. ATIS Telecom Glossary 2000 . . . . . . . . . . . . . . . . 8 - 3.2. Internet Security Glossary - RFC 2828 . . . . . . . . . . 8 + 3.2. Internet Security Glossary - RFC 4949 . . . . . . . . . . 8 3.3. Compendium of Approved ITU-T Security Definitions . . . . 8 - 3.4. Microsoft Solutions for Security Glossary . . . . . . . . 9 + 3.4. Microsoft Solutions for Security Glossary . . . . . . . . 8 3.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 9 3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 9 4. Standards Developing Organizations . . . . . . . . . . . . . . 10 4.1. 3GPP - Third Generation Partnership Project . . . . . . . 10 4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 10 4.3. ANSI - The American National Standards Institute . . . . . 10 4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 10 4.4. ATIS - Alliance for Telecommunications Industry Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11 4.4.1. 
ATIS NIPP - Network Interface, Power, and @@ -140,22 +140,22 @@ 5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 34 - Intellectual Property and Copyright Statements . . . . . . . . . . 35 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 + Intellectual Property and Copyright Statements . . . . . . . . . . 36 1. Introduction The Internet is being recognized as a critical infrastructure similar in nature to the power grid and a potable water supply. Just like those infrastructures, means are needed to provide resiliency and adaptability to the Internet so that it remains consistently available to the public throughout the world even during times of duress or attack. For this reason, many SDOs are developing standards with hopes of retaining an acceptable level, or even 
@@ -231,42 +231,29 @@ http://www.atis.org/tg2k/ Under an approved T1 standards project (T1A1-20), an existing 5800- entry, search-enabled hypertext telecommunications glossary titled Federal Standard 1037C, Glossary of Telecommunication Terms was updated and matured into this glossary, T1.523-2001, Telecom Glossary 2000. This updated glossary was posted on the Web as an American National Standard (ANS). -3.2. Internet Security Glossary - RFC 2828 +3.2. Internet Security Glossary - RFC 4949 - http://www.ietf.org/rfc/rfc2828.txt + http://www.ietf.org/rfc/rfc4949.txt - Created in May 2000, the document defines itself to be, "an + This document was originally created as RFC 2828 in May 2000. It was + revised as RFC 4949 and the document defines itself to be, "an internally consistent, complementary set of abbreviations, definitions, explanations, and recommendations for use of terminology - related to information system security." The glossary makes the - distinction of the listed definitions throughout the document as - being: - - o a recommended Internet definition - - o a recommended non-Internet definition - - o not recommended as the first choice for Internet documents but - something that an author of an Internet document would need to - know - - o a definition that shouldn't be used in Internet documents - - o additional commentary or usage guidance + related to information system security." 3.3. Compendium of Approved ITU-T Security Definitions http://www.itu.int/itudoc/itu-t/com17/activity/def004.html Addendum to the Compendium of the Approved ITU-T Security-related Definitions http://www.itu.int/itudoc/itu-t/com17/activity/add002.html These extensive materials were created from approved ITU-T 
@@ -1267,20 +1254,28 @@ Updated the date. Removed the 2119 definitions; this is an informational document. -06 : Sixth revision of the WG ID. Updated the date. Added W3C information. + -07 : Seventh revision of the WG ID. + + Updated the date. + + -08 : Eighth revision of the WG ID. + + Updated the reference to RFC 4949, found by Stephen Kent. + Note: This section will be removed before publication as an RFC. Authors' Addresses Chris Lonvick Cisco Systems 12515 Research Blvd. Austin, Texas 78759 US @@ -1291,21 +1286,21 @@ Cisco Systems 12515 Research Blvd. Austin, Texas 78759 US Phone: +1 512 378 1720 Email: dspak@cisco.com Full Copyright Statement - Copyright (C) The IETF Trust (2007). + Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
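Review bot: In the Section 3.2 hunk (@@ -231,42 +231,29 @@), the quoted self-description beginning "an internally consistent, complementary set of abbreviations, definitions, explanations, and recommendations" is carried over unchanged from the text that described RFC 2828, yet the new lead-in "It was revised as RFC 4949 and the document defines itself to be" now reads as attributing it to the revision. Please check the quotation against RFC 4949 and either update it or state that it comes from the original RFC 2828. The new text also gives a creation date for RFC 2828 (May 2000) but none for RFC 4949; adding one would keep the entry consistent. The five-item list of definition categories is removed without explanation; if it no longer applies to RFC 4949, that deserves a line in the change log.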
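Review bot: In the change-log hunk (@@ -1267,20 +1254,28 @@), the new -08 entry records only "Updated the reference to RFC 4949, found by Stephen Kent", while this revision also changes the draft and expiry dates, the copyright year, and removes the list of definition categories from Section 3.2. Suggest adding "Updated the date." as the earlier entries do, plus a line noting the Section 3.2 text removal. The -07 entry is also first added in this revision, so the -07 text carried no entry of its own; backfilling it is fine, but please confirm that "Updated the date." was the only change in -07.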