draft-ietf-opsec-efforts-16.txt   draft-ietf-opsec-efforts-17.txt 
Network Working Group C. Lonvick Network Working Group C. Lonvick
Internet-Draft D. Spak Internet-Draft D. Spak
Intended status: Informational Cisco Systems Intended status: Informational Cisco Systems
Expires: September 27, 2011 March 26, 2011 Expires: March 26, 2012 September 23, 2011
Security Best Practices Efforts and Documents Security Best Practices Efforts and Documents
draft-ietf-opsec-efforts-16.txt draft-ietf-opsec-efforts-17.txt
Abstract Abstract
This document provides a snapshot of the current efforts to define or This document provides a snapshot of the current efforts to define or
apply security requirements in various Standards Developing apply security requirements in various Standards Developing
Organizations (SDO). Organizations (SDO).
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
skipping to change at page 1, line 38 skipping to change at page 1, line 38
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 27, 2011. This Internet-Draft will expire on March 26, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 9, line 17 skipping to change at page 9, line 17
http://www.microsoft.com/security/glossary.mspx http://www.microsoft.com/security/glossary.mspx
The Microsoft Malware Protection Center, Threat Research and Response The Microsoft Malware Protection Center, Threat Research and Response
Glossary was created to explain the concepts, technologies, and Glossary was created to explain the concepts, technologies, and
products associated with computer security. products associated with computer security.
Date published: indeterminate Date published: indeterminate
3.5. SANS Glossary of Security Terms 3.5. SANS Glossary of Security Terms
http://www.sans.org/resources/glossary.php http://www.sans.org/security-resources/glossary-of-terms/
The SANS Institute (SysAdmin, Audit, Network, Security) was created The SANS Institute (SysAdmin, Audit, Network, Security) was created
in 1989 as, "a cooperative research and education organization." in 1989 as, "a cooperative research and education organization."
This glossary was pdated in May 2003. The SANS Institute is also This glossary was updated in May 2003. The SANS Institute is also
home to many other resources including the SANS Intrusion Detection home to many other resources including the SANS Intrusion Detection
FAQ and the SANS/FBI Top 20 Vulnerabilities List. FAQ and the SANS/FBI Top 20 Vulnerabilities List.
Date published: indeterminate Date published: indeterminate
3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler 3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler
http://www.garlic.com/~lynn/secure.htm http://www.garlic.com/~lynn/secure.htm
Anne and Lynn Wheeler maintain a security taxonomy and glossary with Anne and Lynn Wheeler maintain a security taxonomy and glossary with
skipping to change at page 9, line 43 skipping to change at page 9, line 43
FFIEC, FJC, FTC, IATF V3 (IATF site), IEEE610, ITSEC, Intel, JTC1/ FFIEC, FJC, FTC, IATF V3 (IATF site), IEEE610, ITSEC, Intel, JTC1/
SC27 (SC27 site), KeyAll, MSC, NIST 800-30, 800-33, 800-37, 800-53, SC27 (SC27 site), KeyAll, MSC, NIST 800-30, 800-33, 800-37, 800-53,
800-61, 800-77, 800-83 FIPS140, NASA, NCSC/TG004, NIAP, NSA 800-61, 800-77, 800-83 FIPS140, NASA, NCSC/TG004, NIAP, NSA
Intrusion, CNSSI 4009, online security study, RFC1983, RFC2504, Intrusion, CNSSI 4009, online security study, RFC1983, RFC2504,
RFC2647, RFC2828, TCSEC, TDI, and TNI. RFC2647, RFC2828, TCSEC, TDI, and TNI.
Date updated: October 2010 Date updated: October 2010
3.7. NIST - Glossary of Key Information Security Terms 3.7. NIST - Glossary of Key Information Security Terms
http://csrc.nist.gov/publications/nistir/ http://csrc.nist.gov/publications/nistir/ir7298-rev1/
NISTIR-7298_Glossary_Key_Infor_Security_Terms.pdf nistir-7298-revision1.pdf
This glossary of basic security terms has been extracted from NIST This glossary of basic security terms has been extracted from NIST
Federal Information Processing Standards (FIPS) and the Special Federal Information Processing Standards (FIPS) and the Special
Publication (SP) 800 series. The terms included are not all Publication (SP) 800 series. The terms included are not all
inclusive of terms found in these publications, but are a subset of inclusive of terms found in these publications, but are a subset of
basic terms that are most frequently used. The purpose of this basic terms that are most frequently used. The purpose of this
glossary is to provide a central resource of definitions most glossary is to provide a central resource of definitions most
commonly used in NIST security publications. commonly used in NIST security publications.
Date published: April 2006 Date originally published: April 2006
Date of this update: February 2100
4. Standards Developing Organizations 4. Standards Developing Organizations
This section of this document lists the SDOs, or organizations that This section of this document lists the SDOs, or organizations that
appear to be developing security related standards. These SDOs are appear to be developing security related standards. These SDOs are
listed in alphabetical order. listed in alphabetical order.
Note: The authors would appreciate corrections and additions. This Note: The authors would appreciate corrections and additions. This
note will be removed before publication as an RFC. note will be removed before publication as an RFC.
skipping to change at page 38, line 13 skipping to change at page 38, line 13
IANA to do anything. IANA to do anything.
8. Acknowledgments 8. Acknowledgments
The following people have contributed to this document. Listing The following people have contributed to this document. Listing
their names here does not mean that they endorse the document, but their names here does not mean that they endorse the document, but
that they have contributed to its substance. that they have contributed to its substance.
David Black, Mark Ellison, George Jones, Keith McCloghrie, John David Black, Mark Ellison, George Jones, Keith McCloghrie, John
McDonough, Art Reilly, Chip Sharp, Dane Skow, Michael Hammer, Bruce McDonough, Art Reilly, Chip Sharp, Dane Skow, Michael Hammer, Bruce
Moon, Stephen Kent, Steve Wolff, Bob Natale. Moon, Stephen Kent, Steve Wolff, Bob Natale, Marek Lukaszuk.
9. Changes from Prior Drafts 9. Changes from Prior Drafts
-00 : Initial draft published as draft-lonvick-sec-efforts-01.txt -00 : Initial draft published as draft-lonvick-sec-efforts-01.txt
-01 : Security Glossaries: -01 : Security Glossaries:
Added ATIS Telecom Glossary 2000, Critical Infrastructure Added ATIS Telecom Glossary 2000, Critical Infrastructure
Glossary of Terms and Acronyms, Microsoft Solutions for Glossary of Terms and Acronyms, Microsoft Solutions for
Security Glossary, and USC InfoSec Glossary. Security Glossary, and USC InfoSec Glossary.
skipping to change at page 42, line 12 skipping to change at page 42, line 12
Removed WS-I as they have merged with OASIS. Removed WS-I as they have merged with OASIS.
Added TM Forum. Added TM Forum.
-16 : Sixteenth revision of the WG ID. -16 : Sixteenth revision of the WG ID.
Updated the date and reviewed the accuracy of Section 5. Several Updated the date and reviewed the accuracy of Section 5. Several
changes made. changes made.
-17 : Seventeenth revision of the WG ID.
Updated the date and reviewed the accuracy of Section 3. A couple
of changes made.
Note: This section will be removed before publication as an RFC. Note: This section will be removed before publication as an RFC.
Authors' Addresses Authors' Addresses
Chris Lonvick Chris Lonvick
Cisco Systems Cisco Systems
12515 Research Blvd. 12515 Research Blvd.
Austin, Texas 78759 Austin, Texas 78759
US US
 End of changes. 9 change blocks. 
9 lines changed or deleted 16 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/