--- 1/draft-ietf-opsec-efforts-09.txt 2009-04-14 02:12:04.000000000 +0200 +++ 2/draft-ietf-opsec-efforts-10.txt 2009-04-14 02:12:04.000000000 +0200 
@@ -1,43 +1,52 @@ Network Working Group C. Lonvick Internet-Draft D. Spak -Expires: June 14, 2009 Cisco Systems - December 11, 2008 +Expires: October 15, 2009 Cisco Systems + April 13, 2009 Security Best Practices Efforts and Documents - draft-ietf-opsec-efforts-09.txt + draft-ietf-opsec-efforts-10.txt Status of this Memo - By submitting this Internet-Draft, each author represents that any - applicable patent or other IPR claims of which he or she is aware - have been or will be disclosed, and any of which he or she becomes - aware will be disclosed, in accordance with Section 6 of BCP 79. + This Internet-Draft is submitted to IETF in full conformance with the + provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on June 14, 2009. + This Internet-Draft will expire on October 15, 2009. + +Copyright Notice + + Copyright (c) 2009 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents in effect on the date of + publication of this document (http://trustee.ietf.org/license-info). + Please review these documents carefully, as they describe your rights + and restrictions with respect to this document. 
Abstract This document provides a snapshot of the current efforts to define or apply security requirements in various Standards Developing Organizations (SDO). Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 
@@ -132,26 +141,28 @@ 5.21. Catalogue of ITU-T Recommendations related to Communications System Security . . . . . . . . . . . . . . 25 5.22. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 25 5.23. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 26 5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 + 5.30. NIST Special Publications (800 Series) . . . . . . . . . . 28 + 5.31. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 28 + 5.32. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 28 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 - Intellectual Property and Copyright Statements . . . . . . . . . . 36 1. Introduction The Internet is being recognized as a critical infrastructure similar in nature to the power grid and a potable water supply. Just like those infrastructures, means are needed to provide resiliency and adaptability to the Internet so that it remains consistently available to the public throughout the world even during times of duress or attack. For this reason, many SDOs are developing standards with hopes of retaining an acceptable level, or even 
@@ -1134,20 +1145,57 @@ 5.29. WS-I Basic Security Profile http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html The WS-I Basic Security Profile 1.0 consists of a set of non- proprietary Web services specifications, along with clarifications and amendments to those specifications which promote interoperability. +5.30. NIST Special Publications (800 Series) + + http://csrc.nist.gov/publications/PubsSPs.html + + Special Publications in the 800 series present documents of general + interest to the computer security community. The Special Publication + 800 series was established in 1990 to provide a separate identity for + information technology security publications. This Special + Publication 800 series reports on ITL's research, guidelines, and + outreach efforts in computer security, and its collaborative + activities with industry, government, and academic organizations. + +5.31. NIST Interagency or Internal Reports (NISTIRs) + + http://csrc.nist.gov/publications/PubsNISTIRs.html + + NIST Interagency or Internal Reports (NISTIRs) describe research of a + technical nature of interest to a specialized audience. The series + includes interim or final reports on work performed by NIST for + outside sponsors (both government and nongovernment). NISTIRs may + also report results of NIST projects of transitory or limited + interest, including those that will be published subsequently in more + comprehensive form. + +5.32. NIST ITL Security Bulletins + + http://csrc.nist.gov/publications/PubsITLSB.html + + ITL Bulletins are published by NIST's Information Technology + Laboratory, with most bulletins written by the Computer Security + Division. These bulletins are published on the average of six times + a year. Each bulletin presents an in-depth discussion of a single + topic of significant interest to the information systems community. + Not all of ITL Bulletins that are published relate to computer / + network security. 
Only the computer security ITL Bulletins are found + here. + 6. Security Considerations This document describes efforts to standardize security practices and documents. As such this document offers no security guidance whatsoever. Readers of this document should be aware of the date of publication of this document. It is feared that they may assume that the efforts, on-line material, and documents are current whereas they may not be. Please consider this when reading this document. @@ -1262,20 +1310,25 @@ Updated the date. -08 : Eighth revision of the WG ID. Updated the reference to RFC 4949, found by Stephen Kent. -09 : Nineth revision of the WG ID. Updated the date. + -10 : Tenth revision of the WG ID. + + Added references to NIST documents, recommended by Steve Wolff. + Updated the date. + Note: This section will be removed before publication as an RFC. Authors' Addresses Chris Lonvick Cisco Systems 12515 Research Blvd. Austin, Texas 78759 US 
@@ -1283,50 +1336,10 @@ Email: clonvick@cisco.com David Spak Cisco Systems 12515 Research Blvd. Austin, Texas 78759 US Phone: +1 512 378 1720 Email: dspak@cisco.com - -Full Copyright Statement - - Copyright (C) The IETF Trust (2008). - - This document is subject to the rights, licenses and restrictions - contained in BCP 78, and except as set forth therein, the authors - retain all their rights. - - This document and the information contained herein are provided on an - "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS - OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND - THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS - OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF - THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED - WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - -Intellectual Property - - The IETF takes no position regarding the validity or scope of any - Intellectual Property Rights or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; nor does it represent that it has - made any independent effort to identify any such rights. Information - on the procedures with respect to rights in RFC documents can be - found in BCP 78 and BCP 79. - - Copies of IPR disclosures made to the IETF Secretariat and any - assurances of licenses to be made available, or the result of an - attempt made to obtain a general license or permission for the use of - such proprietary rights by implementers or users of this - specification can be obtained from the IETF on-line IPR repository at - http://www.ietf.org/ipr. 
- - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights that may cover technology that may be required to implement - this standard. Please address the information to the IETF at - ietf-ipr@ietf.org.
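Review bot: In the hunk that adds sections 5.30 through 5.32, the three new NIST entries give only csrc.nist.gov URLs with no retrieval date, although the Security Considerations text that follows them in the same hunk warns that readers may assume the listed on-line material is current when it is not. Suggest recording the date each URL was checked, or pointing from the new entries to Section 6. On wording in 5.32, "Not all of ITL Bulletins that are published relate to" reads better as "Not all ITL Bulletins relate to", and "on the average of six times a year" as "on average six times a year"; in 5.30 the third sentence repeats the series name ("This Special Publication 800 series reports on") and could begin "The series reports on".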
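Review bot: In the "Changes from Prior Drafts" hunk, the new -10 entry records only the NIST references and the date, but this revision also replaces the IPR paragraph under "Status of this Memo" with the BCP 78 and BCP 79 conformance statement, adds a Copyright Notice, and removes the Full Copyright Statement and Intellectual Property sections together with their table-of-contents line. Suggest adding a line to the -10 entry that notes the boilerplate update so the change log matches the diff. The unchanged context line just above it spells "Nineth" where "Ninth" is meant, which could be corrected in the same pass.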