draft-ietf-opsec-efforts-17.txt | draft-ietf-opsec-efforts-18.txt | |||
---|---|---|---|---|
Network Working Group C. Lonvick | Network Working Group C. Lonvick | |||
Internet-Draft D. Spak | Internet-Draft D. Spak | |||
Intended status: Informational Cisco Systems | Intended status: Informational Cisco Systems | |||
Expires: March 26, 2012 September 23, 2011 | Expires: October 20, 2012 April 18, 2012 | |||
Security Best Practices Efforts and Documents | Security Best Practices Efforts and Documents | |||
draft-ietf-opsec-efforts-17.txt | draft-ietf-opsec-efforts-18.txt | |||
Abstract | Abstract | |||
This document provides a snapshot of the current efforts to define or | This document provides a snapshot of the current efforts to define or | |||
apply security requirements in various Standards Developing | apply security requirements in various Standards Developing | |||
Organizations (SDO). | Organizations (SDO). | |||
Status of this Memo | Status of this Memo | |||
This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF). Note that other groups may also distribute | |||
other groups may also distribute working documents as Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | This Internet-Draft will expire on October 20, 2012. | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | ||||
The list of Internet-Draft Shadow Directories can be accessed at | ||||
http://www.ietf.org/shadow.html. | ||||
This Internet-Draft will expire on March 26, 2012. | ||||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2011 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
2. Format of this Document . . . . . . . . . . . . . . . . . . . 6 | 2. Format of this Document . . . . . . . . . . . . . . . . . . . 6 | |||
3. Online Security Glossaries . . . . . . . . . . . . . . . . . . 7 | 3. Online Security Glossaries . . . . . . . . . . . . . . . . . . 7 | |||
3.1. ATIS Telecom Glossary 2007 . . . . . . . . . . . . . . . . 7 | 3.1. ATIS Telecom Glossary 2007 . . . . . . . . . . . . . . . . 7 | |||
3.2. Internet Security Glossary - RFC 4949 . . . . . . . . . . 7 | 3.2. Internet Security Glossary - RFC 4949 . . . . . . . . . . 7 | |||
3.3. Compendium of Approved ITU-T Security Definitions . . . . 7 | 3.3. Compendium of Approved ITU-T Security Definitions . . . . 7 | |||
3.4. Microsoft Malware Protection Center . . . . . . . . . . . 8 | 3.4. Microsoft Malware Protection Center . . . . . . . . . . . 8 | |||
skipping to change at page 2, line 33 | skipping to change at page 2, line 29 | |||
4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 10 | 4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 10 | |||
4.3. ANSI - The American National Standards Institute . . . . . 11 | 4.3. ANSI - The American National Standards Institute . . . . . 11 | |||
4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 11 | 4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 11 | |||
4.4. ATIS - Alliance for Telecommunications Industry | 4.4. ATIS - Alliance for Telecommunications Industry | |||
Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11 | Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
4.4.1. ATIS NPRQ - Network Performance, Reliability, and | 4.4.1. ATIS NPRQ - Network Performance, Reliability, and | |||
Quality of Service Committee, formerly T1A1 . . . . . 12 | Quality of Service Committee, formerly T1A1 . . . . . 12 | |||
4.4.2. ATIS TMOC - Telecom Management and Operations | 4.4.2. ATIS TMOC - Telecom Management and Operations | |||
Committee, formerly T1M1 OAM&P . . . . . . . . . . . . 13 | Committee, formerly T1M1 OAM&P . . . . . . . . . . . . 13 | |||
4.5. CC - Common Criteria . . . . . . . . . . . . . . . . . . . 13 | 4.5. CC - Common Criteria . . . . . . . . . . . . . . . . . . . 13 | |||
4.6. DMTF - Distributed Management Task Force, Inc. . . . . . . 13 | 4.6. DMTF - Distributed Management Task Force, Inc. . . . . . . 14 | |||
4.7. ETSI - The European Telecommunications Standard | 4.7. ETSI - The European Telecommunications Standard | |||
Institute . . . . . . . . . . . . . . . . . . . . . . . . 14 | Institute . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
4.7.1. ETSI SEC . . . . . . . . . . . . . . . . . . . . . . . 14 | 4.7.1. ETSI SEC . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
4.7.2. ETSI OCG SEC . . . . . . . . . . . . . . . . . . . . . 14 | 4.7.2. ETSI OCG SEC . . . . . . . . . . . . . . . . . . . . . 15 | |||
4.8. GGF - Global Grid Forum . . . . . . . . . . . . . . . . . 15 | 4.8. GGF - Global Grid Forum . . . . . . . . . . . . . . . . . 16 | |||
4.8.1. Global Grid Forum Security Area . . . . . . . . . . . 15 | 4.8.1. Global Grid Forum Security Area . . . . . . . . . . . 16 | |||
4.9. IEEE - The Institute of Electrical and Electronics | 4.9. IEEE - The Institute of Electrical and Electronics | |||
Engineers, Inc. . . . . . . . . . . . . . . . . . . . . . 15 | Engineers, Inc. . . . . . . . . . . . . . . . . . . . . . 16 | |||
4.9.1. IEEE Computer Society's Technical Committee on | 4.9.1. IEEE Computer Society's Technical Committee on | |||
Security and Privacy . . . . . . . . . . . . . . . . . 16 | Security and Privacy . . . . . . . . . . . . . . . . . 17 | |||
4.10. IETF - The Internet Engineering Task Force . . . . . . . . 16 | 4.10. IETF - The Internet Engineering Task Force . . . . . . . . 17 | |||
4.10.1. IETF Security Area . . . . . . . . . . . . . . . . . . 16 | 4.10.1. IETF Security Area . . . . . . . . . . . . . . . . . . 17 | |||
4.11. INCITS - InterNational Committee for Information | 4.11. INCITS - InterNational Committee for Information | |||
Technology Standards . . . . . . . . . . . . . . . . . . . 16 | Technology Standards . . . . . . . . . . . . . . . . . . . 17 | |||
4.11.1. Identification Cards and Related Devices (B10) . . . . 17 | 4.11.1. Identification Cards and Related Devices (B10) . . . . 17 | |||
4.11.2. Cyber Security (CS1) . . . . . . . . . . . . . . . . . 17 | 4.11.2. Cyber Security (CS1) . . . . . . . . . . . . . . . . . 18 | |||
4.11.3. Biometrics (M1) . . . . . . . . . . . . . . . . . . . 17 | 4.11.3. Biometrics (M1) . . . . . . . . . . . . . . . . . . . 18 | |||
4.12. ISO - The International Organization for | 4.12. ISO - The International Organization for | |||
Standardization . . . . . . . . . . . . . . . . . . . . . 17 | Standardization . . . . . . . . . . . . . . . . . . . . . 18 | |||
4.13. ITU - International Telecommunication Union . . . . . . . 18 | 4.13. ITU - International Telecommunication Union . . . . . . . 19 | |||
4.13.1. ITU Telecommunication Standardization Sector - | 4.13.1. ITU Telecommunication Standardization Sector - | |||
ITU-T . . . . . . . . . . . . . . . . . . . . . . . . 18 | ITU-T . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
4.13.2. ITU Radiocommunication Sector - ITU-R . . . . . . . . 19 | 4.13.2. ITU Radiocommunication Sector - ITU-R . . . . . . . . 19 | |||
4.13.3. ITU Telecom Development - ITU-D . . . . . . . . . . . 19 | 4.13.3. ITU Telecom Development - ITU-D . . . . . . . . . . . 20 | |||
4.14. OASIS - Organization for the Advancement of | 4.14. OASIS - Organization for the Advancement of | |||
Structured Information Standards . . . . . . . . . . . . . 20 | Structured Information Standards . . . . . . . . . . . . . 20 | |||
4.15. OIF - Optical Internetworking Forum . . . . . . . . . . . 20 | 4.15. OIF - Optical Internetworking Forum . . . . . . . . . . . 21 | |||
4.15.1. OAM&P Working Group . . . . . . . . . . . . . . . . . 21 | 4.15.1. OAM&P Working Group . . . . . . . . . . . . . . . . . 21 | |||
4.16. NRIC - The Network Reliability and Interoperability | 4.16. National Security Telecommunications Advisory | |||
Council . . . . . . . . . . . . . . . . . . . . . . . . . 21 | Committee (NSTAC) . . . . . . . . . . . . . . . . . . . . 22 | |||
4.17. National Security Telecommunications Advisory | 4.17. TIA - The Telecommunications Industry Association . . . . 22 | |||
Committee (NSTAC) . . . . . . . . . . . . . . . . . . . . 21 | 4.17.1. APCO Project 25 Public Safety Standards . . . . . . . 22 | |||
4.18. TIA - The Telecommunications Industry Association . . . . 22 | 4.18. TTA - Telecommunications Technology Association . . . . . 23 | |||
4.18.1. Critical Infrastructure Protection (CIP) and | 4.19. The World Wide Web Consortium . . . . . . . . . . . . . . 23 | |||
Homeland Security (HS) . . . . . . . . . . . . . . . . 22 | 4.20. TM Forum . . . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
4.18.2. Commercial Encryption Source Code and Related | 4.20.1. Security Management . . . . . . . . . . . . . . . . . 24 | |||
Information . . . . . . . . . . . . . . . . . . . . . 23 | 5. Security Best Practices Efforts and Documents . . . . . . . . 25 | |||
4.19. TTA - Telecommunications Technology Association . . . . . 23 | 5.1. 3GPP - SA3 - Security . . . . . . . . . . . . . . . . . . 25 | |||
4.20. The World Wide Web Consortium . . . . . . . . . . . . . . 23 | 5.2. 3GPP2 - TSG-S Working Group 4 (Security) . . . . . . . . . 25 | |||
4.21. TM Forum . . . . . . . . . . . . . . . . . . . . . . . . . 24 | ||||
4.21.1. Security Management . . . . . . . . . . . . . . . . . 24 | ||||
5. Security Best Practices Efforts and Documents . . . . . . . . 26 | ||||
5.1. 3GPP - SA3 - Security . . . . . . . . . . . . . . . . . . 26 | ||||
5.2. 3GPP2 - TSG-S Working Group 4 (Security) . . . . . . . . . 26 | ||||
5.3. ATIS-0300276.2008 - Operations, Administration, | 5.3. ATIS-0300276.2008 - Operations, Administration, | |||
Maintenance, and Provisioning Security Requirements | Maintenance, and Provisioning Security Requirements | |||
for the Public Telecommunications Network: A Baseline | for the Public Telecommunications Network: A Baseline | |||
of Security Requirements for the Management Plane . . . . 26 | of Security Requirements for the Management Plane . . . . 25 | |||
5.4. DMTF - Security Modeling Working Group . . . . . . . . . . 27 | 5.4. DMTF - Security Modeling Working Group . . . . . . . . . . 26 | |||
5.5. Common Criteria . . . . . . . . . . . . . . . . . . . . . 27 | 5.5. Common Criteria . . . . . . . . . . . . . . . . . . . . . 26 | |||
5.6. ETSI . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 | 5.6. ETSI . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 | |||
5.7. Operational Security Requirements for IP Network | 5.7. Operational Security Requirements for IP Network | |||
Infrastructure : Advanced Requirements . . . . . . . . . . 29 | Infrastructure : Advanced Requirements . . . . . . . . . . 28 | |||
5.8. ISO JTC 1/SC 27 - Information security Technology | 5.8. ISO JTC 1/SC 27 - Information security Technology | |||
techniques . . . . . . . . . . . . . . . . . . . . . . . . 29 | techniques . . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
5.9. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 29 | 5.9. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 28 | |||
5.10. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 29 | 5.10. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 28 | |||
5.11. NRIC VII Focus Groups . . . . . . . . . . . . . . . . . . 31 | 5.11. NRIC VII Focus Groups . . . . . . . . . . . . . . . . . . 30 | |||
5.12. OASIS Security Technical Committees . . . . . . . . . . . 32 | 5.12. OASIS Security Technical Committees . . . . . . . . . . . 31 | |||
5.13. OIF Implementation Agreements . . . . . . . . . . . . . . 32 | 5.13. OIF Implementation Agreements . . . . . . . . . . . . . . 31 | |||
5.14. TIA - Critical Infrastructure Protection (CIP) and | 5.14. TIA - Critical Infrastructure Protection (CIP) and | |||
Homeland Security (HS) . . . . . . . . . . . . . . . . . . 32 | Homeland Security (HS) . . . . . . . . . . . . . . . . . . 31 | |||
5.15. NIST Special Publications (800 Series) . . . . . . . . . . 33 | 5.15. NIST Special Publications (800 Series) . . . . . . . . . . 32 | |||
5.16. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 33 | 5.16. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 32 | |||
5.17. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 33 | 5.17. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 32 | |||
5.18. SANS Information Security Reading Room . . . . . . . . . . 33 | 5.18. SANS Information Security Reading Room . . . . . . . . . . 33 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 35 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34 | |||
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 | |||
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 37 | 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36 | |||
9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 38 | 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 37 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 42 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41 | |||
1. Introduction | 1. Introduction | |||
The Internet is being recognized as a critical infrastructure similar | The Internet is being recognized as a critical infrastructure similar | |||
in nature to the power grid and a potable water supply. Just like | in nature to the power grid and a potable water supply. Just like | |||
those infrastructures, means are needed to provide resiliency and | those infrastructures, means are needed to provide resiliency and | |||
adaptability to the Internet so that it remains consistently | adaptability to the Internet so that it remains consistently | |||
available to the public throughout the world even during times of | available to the public throughout the world even during times of | |||
duress or attack. For this reason, many SDOs are developing | duress or attack. For this reason, many SDOs are developing | |||
standards with hopes of retaining an acceptable level, or even | standards with hopes of retaining an acceptable level, or even | |||
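Review bot: The table of contents drops 4.16 NRIC and the TIA subsections 4.18.1 (Critical Infrastructure Protection and Homeland Security) and 4.18.2, yet Section 5 still lists 5.11 "NRIC VII Focus Groups" and 5.14 "TIA - Critical Infrastructure Protection (CIP) and Homeland Security (HS)". Either keep a short Section 4 entry for each body that Section 5 still documents, or state in Section 9 (Changes from Prior Drafts) that those Section 5 entries are intentionally left without a parent description.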
skipping to change at page 6, line 8 | skipping to change at page 5, line 8 | |||
described in the Working Group Charter. The authors have agreed to | described in the Working Group Charter. The authors have agreed to | |||
keep this document current and request that those who read it will | keep this document current and request that those who read it will | |||
submit corrections or comments. | submit corrections or comments. | |||
Comments on this document may be addressed to the OpSec Working Group | Comments on this document may be addressed to the OpSec Working Group | |||
or directly to the authors. | or directly to the authors. | |||
opsec@ops.ietf.org | opsec@ops.ietf.org | |||
This document will be updated in sections. The most recently updated | This document will be updated in sections. The most recently updated | |||
part of this document is Section 5. | part of this document is Section 4. | |||
2. Format of this Document | 2. Format of this Document | |||
The body of this document has three sections. | The body of this document has three sections. | |||
The first part of the body of this document, Section 3, contains a | The first part of the body of this document, Section 3, contains a | |||
listing of online glossaries relating to networking and security. It | listing of online glossaries relating to networking and security. It | |||
is very important that the definitions of words relating to security | is very important that the definitions of words relating to security | |||
and security events be consistent. Inconsistencies between the | and security events be consistent. Inconsistencies between the | |||
useage of words on standards is unacceptable as it would prevent a | useage of words on standards is unacceptable as it would prevent a | |||
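Review bot: In the Section 2 context lines, "useage" is misspelled in both versions and "Inconsistencies ... is unacceptable" has a subject-verb mismatch. Since this revision already edits the neighbouring paragraph (Section 5 changed to Section 4), correct both here: "usage" and "are unacceptable".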
skipping to change at page 11, line 18 | skipping to change at page 10, line 18 | |||
appear to be developing security related standards. These SDOs are | appear to be developing security related standards. These SDOs are | |||
listed in alphabetical order. | listed in alphabetical order. | |||
Note: The authors would appreciate corrections and additions. This | Note: The authors would appreciate corrections and additions. This | |||
note will be removed before publication as an RFC. | note will be removed before publication as an RFC. | |||
4.1. 3GPP - Third Generation Partnership Project | 4.1. 3GPP - Third Generation Partnership Project | |||
http://www.3gpp.org/ | http://www.3gpp.org/ | |||
The 3rd Generation Partnership Project (3GPP) is a collaboration | The 3rd Generation Partnership Project (3GPP) unites [Six] | |||
agreement formed in December 1998. The collaboration agreement is | telecommunications standards bodies, known as "Organizational | |||
comprised of several telecommunications standards bodies which are | Partners" and provides their members with a stable environment to | |||
known as "Organizational Partners". The current Organizational | produce the highly successful Reports and Specifications that define | |||
Partners involved with 3GPP are ARIB, CCSA, ETSI, ATIS, TTA, and TTC. | 3GPP technologies. | |||
4.2. 3GPP2 - Third Generation Partnership Project 2 | 4.2. 3GPP2 - Third Generation Partnership Project 2 | |||
http://www.3gpp2.org/ | http://www.3gpp2.org/ | |||
The Third Generation Partnership Project 2 (3GPP2) is: | The Third Generation Partnership Project 2 (3GPP2) is: | |||
a collaborative third generation (3G) telecommunications | a collaborative third generation (3G) telecommunications | |||
specifications-setting project | specifications-setting project | |||
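Review bot: In 4.1 the new text reads "unites [Six] telecommunications standards bodies", which leaves a bracketed editorial placeholder in the draft; write "six". The revision also removes the list of current Organizational Partners (ARIB, CCSA, ETSI, ATIS, TTA, TTC) and the December 1998 formation date, which were the verifiable facts in this entry, and adds "highly successful", which is promotional. Suggest restoring the partner list and dropping the adjective.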
skipping to change at page 12, line 45 | skipping to change at page 11, line 45 | |||
standards affecting the Financial Services Industry; (4) Focusing on | standards affecting the Financial Services Industry; (4) Focusing on | |||
current and future standards needs of the Financial Services | current and future standards needs of the Financial Services | |||
Industry; (5) Promoting use of Financial Services Industry standards; | Industry; (5) Promoting use of Financial Services Industry standards; | |||
and (6) Participating and promoting the development of international | and (6) Participating and promoting the development of international | |||
standards. | standards. | |||
4.4. ATIS - Alliance for Telecommunications Industry Solutions | 4.4. ATIS - Alliance for Telecommunications Industry Solutions | |||
http://www.atis.org/ | http://www.atis.org/ | |||
ATIS prioritizes the industry's most pressing, technical and | ATIS member companies develop the standards and solutions that are | |||
operational issues, and creates interoperable, implementable, end to | creating the future of the information and communications technology | |||
end solutions -- standards when the industry needs them and where | (ICT) industry. From efforts to realize the cost benefits of cloud | |||
they need them. | services, to standards underpinning the nation's emergency | |||
communications system, to improvements in data access to support | ||||
health care delivery, or developing new avenues to interactive | ||||
sources of entertainment, ATIS' work makes ICT innovation possible. | ||||
Over 600 industry professionals from more than 250 communications | Through involvement in our committees and forums, ATIS member | |||
companies actively participate in ATIS committees and incubator | companies achieve their technical potential and business objectives. | |||
solutions programs. | They also get a strategic view of the future of technology to help | |||
them better position their products and services. ATIS members | ||||
further benefit from valuable networking opportunities with other | ||||
companies leading change in our industry, as well as the insights of | ||||
leading CIOs, CTOs and other thought leaders. | ||||
ATIS develops standards and solutions addressing a wide range of | ATIS gives our members a place at the table where today's ICT | |||
industry issues in a manner that allocates and coordinates industry | standards decisions are being made. Our work helps members prepare | |||
resources and produces the greatest return for communications | for when the future becomes today. And, with the fast pace of | |||
companies. | innovation, the gap between today's technologies and tomorrow's | |||
networks is all but disappearing. | ||||
ATIS creates solutions that support the rollout of new products and | ATIS creates solutions that support the rollout of new products and | |||
services into the information, entertainment and communications | services into the information, entertainment and communications | |||
marketplace. Its activities provide the basis for the industry's | marketplace. Its activities provide the basis for the industry's | |||
delivery of: | delivery of: | |||
Existing and next generation IP-based infrastructures; | Existing and next generation IP-based infrastructures; | |||
Reliable converged multimedia services, including IPTV; | Reliable converged multimedia services, including IPTV; | |||
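Review bot: The replacement paragraphs in 4.4 are written in ATIS's own first person ("our committees and forums", "ATIS gives our members", "our industry") and refer to "the nation's emergency communications system" without naming the nation. In a survey written by third parties this text should be marked as quoted from ATIS or recast in the third person, as the retained paragraph "ATIS creates solutions that support the rollout ..." already is. The participation figures from the previous version (over 600 professionals, more than 250 companies) are removed with no replacement; if they were out of date, record that in Section 9.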
skipping to change at page 14, line 35 | skipping to change at page 13, line 46 | |||
Representation, Common/Underlying Management Functionality/ | Representation, Common/Underlying Management Functionality/ | |||
Technology, and Ancillary Functions (such as network tones and | Technology, and Ancillary Functions (such as network tones and | |||
announcements). This work requires close and coordinated working | announcements). This work requires close and coordinated working | |||
relationships with other domestic and international standards | relationships with other domestic and international standards | |||
development organizations and industry forums. | development organizations and industry forums. | |||
4.5. CC - Common Criteria | 4.5. CC - Common Criteria | |||
http://www.commoncriteriaportal.org/ | http://www.commoncriteriaportal.org/ | |||
Common Criteria is a framework in which computer system users can | The Common Criteria for Information Technology Security Evaluation | |||
specify their security functional and assurance requirements, vendors | (CC), and the companion Common Methodology for Information Technology | |||
can then implement and/or make claims about the security attributes | Security Evaluation (CEM) are the technical basis for an | |||
of their products, and testing laboratories can evaluate the products | international agreement, the Common Criteria Recognition Arrangement | |||
to determine if they actually meet the claims. In other words, | (CCRA), which ensures that: | |||
Common Criteria provides assurance that the process of specification, | ||||
implementation and evaluation of a computer security product has been | Products can be evaluated by competent and independent licensed | |||
conducted in a rigorous and standard manner. [attribute wikipedia] | laboratories so as to determine the fulfilment of particular | |||
security properties, to a certain extent or assurance; | ||||
Supporting documents, are used within the Common Criteria | ||||
certification process to define how the criteria and evaluation | ||||
methods are applied when certifying specific technologies; | ||||
The certification of the security properties of an evaluated | ||||
product can be issued by a number of Certificate Authorizing | ||||
Schemes, with this certification being based on the result of | ||||
their evaluation; | ||||
These certificates are recognized by all the signatories of the | ||||
CCRA. | ||||
The CC is the driving force for the widest available mutual | ||||
recognition of secure IT products. This web portal is available to | ||||
support the information on the status of the CCRA, the CC and the | ||||
certification schemes, licensed laboratories, certified products and | ||||
related information, news and events. | ||||
4.6. DMTF - Distributed Management Task Force, Inc. | 4.6. DMTF - Distributed Management Task Force, Inc. | |||
http://www.dmtf.org/ | http://www.dmtf.org/ | |||
DMTF enables more effective management of millions of IT systems | DMTF enables more effective management of millions of IT systems | |||
worldwide by bringing the IT industry together to collaborate on the | worldwide by bringing the IT industry together to collaborate on the | |||
development, validation and promotion of systems management | development, validation and promotion of systems management | |||
standards. DMTF management standards are critical to enabling | standards. | |||
management interoperability among multi-vendor systems, tools and | ||||
solutions within the enterprise. We are committed to protecting | The group spans the industry with 160 member companies and | |||
companies' IT investments by creating standards that promote multi- | organizations, and more than 4,000 active participants crossing 43 | |||
vendor interoperability. Our dedication to fostering collaboration | countries. The DMTF board of directors is led by 15 innovative, | |||
within the industry provides a win-win situation for vendors and IT | industry-leading technology companies. They include Advanced Micro | |||
personnel alike. | Devices (AMD); Broadcom Corporation; CA, Inc.; Cisco; Citrix Systems, | |||
Inc.; EMC; Fujitsu; HP; Huawei; IBM; Intel Corporation; Microsoft | ||||
Corporation; Oracle; RedHat and VMware, Inc. | ||||
With this deep and broad reach, DMTF creates standards that enable | ||||
interoperable IT management. DMTF management standards are critical | ||||
to enabling management interoperability among multi-vendor systems, | ||||
tools and solutions within the enterprise. | ||||
4.7. ETSI - The European Telecommunications Standard Institute | 4.7. ETSI - The European Telecommunications Standard Institute | |||
http://www.etsi.org/ | http://www.etsi.org/ | |||
The European Telecommunications Standards Institute (ETSI) produces | The European Telecommunications Standards Institute (ETSI) produces | |||
globally-applicable standards for Information and Communications | globally-applicable standards for Information and Communications | |||
Technologies (ICT), including fixed, mobile, radio, converged, | Technologies (ICT), including fixed, mobile, radio, converged, | |||
broadcast and internet technologies. | broadcast and internet technologies. | |||
ETSI is officially recognized by the European Union as a European | We are officially recognized by the European Union as a European | |||
Standards Organization. | Standards Organization. The high quality of our work and our open | |||
approach to standardization has helped us evolve into a European | ||||
roots - global branches operation with a solid reputation for | ||||
technical excellence. | ||||
4.7.1. ETSI SEC | 4.7.1. ETSI SEC | |||
http://portal.etsi.org/portal/server.pt/gateway/ | http://portal.etsi.org/portal/server.pt/gateway/ | |||
PTARGS_0_13938_491_312_425_43/tb/closed_tb/sec.asp | PTARGS_0_13938_491_312_425_43/tb/closed_tb/sec.asp | |||
Board#38 confirmed the closure of TC SEC. | Board#38 confirmed the closure of TC SEC. | |||
At the same time it approved the creation of an OCG Ad Hoc group OCG | At the same time it approved the creation of an OCG Ad Hoc group OCG | |||
Security | Security | |||
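Review bot: The new ETSI paragraph in 4.7 switches to first person ("We are officially recognized", "our work", "helped us evolve") where the previous version said "ETSI is officially recognized"; keep the third person or mark the text as quoted from ETSI. In the same hunk, the new 4.5 text has a stray comma in "Supporting documents, are used" and says "This web portal" although the sentence now sits in the draft rather than on the portal itself. The removed "[attribute wikipedia]" marker shows the old text carried a source note; the replacement should carry one as well if it is quoted.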
skipping to change at page 15, line 45 | skipping to change at page 15, line 37 | |||
The SEC Working groups (ESI and LI) were closed and TC ESI and a TC | The SEC Working groups (ESI and LI) were closed and TC ESI and a TC | |||
LI were created to continue the work. | LI were created to continue the work. | |||
All documents and information relevant to ESI and LI are available | All documents and information relevant to ESI and LI are available | |||
from the TC ESI and TC LI sites | from the TC ESI and TC LI sites | |||
4.7.2. ETSI OCG SEC | 4.7.2. ETSI OCG SEC | |||
http://portal.etsi.org/ocgsecurity/OCG_security_ToR.asp | http://portal.etsi.org/ocgsecurity/OCG_security_ToR.asp | |||
The group's primary role is to provide a light-weight horizontal co- | The creation of the OCG SEC was decided at the Board #38 on 30 May | |||
2002. The group's primary role is to provide a horizontal co- | ||||
ordination structure for security issues that will ensure this work | ordination structure for security issues that will ensure this work | |||
is seriously considered in each ETSI TB and that any duplicate or | is seriously considered in each ETSI TB and that any duplicate or | |||
conflicting work is detected. To achieve this aim the group should | conflicting work is detected. To achieve this aim the group should | |||
mainly conduct its work via email and, where appropriate, co-sited | mainly conduct its work via email and, where appropriate, co-sited | |||
"joint security" technical working meetings. | "joint security" technical working meetings. | |||
When scheduled, appropriate time at each "joint SEC" meeting should | When scheduled, appropriate time at each "joint SEC" meeting should | |||
be allocated during the meetings to allow for: | be allocated during the meetings to allow for: | |||
Individual committee activities as well as common work; | Individual committee activities as well as common work; | |||
skipping to change at page 16, line 11 | skipping to change at page 16, line 4 | |||
conflicting work is detected. To achieve this aim the group should | conflicting work is detected. To achieve this aim the group should | |||
mainly conduct its work via email and, where appropriate, co-sited | mainly conduct its work via email and, where appropriate, co-sited | |||
"joint security" technical working meetings. | "joint security" technical working meetings. | |||
When scheduled, appropriate time at each "joint SEC" meeting should | When scheduled, appropriate time at each "joint SEC" meeting should | |||
be allocated during the meetings to allow for: | be allocated during the meetings to allow for: | |||
Individual committee activities as well as common work; | Individual committee activities as well as common work; | |||
Coordination between the committees; and | Coordination between the committees; and | |||
Experts to contribute to more than one committee. | Experts to contribute to more than one committee. | |||
4.8. GGF - Global Grid Forum | 4.8. GGF - Global Grid Forum | |||
http://www.gridforum.org/ | http://www.gridforum.org/ | |||
The Global Grid Forum (GGF) is a community-initiated forum of | OGF is an open community committed to driving the rapid evolution and | |||
thousands of individuals from industry and research leading the | adoption of applied distributed computing. Applied Distributed | |||
global standardization effort for grid computing. GGF's primary | Computing is critical to developing new, innovative and scalable | |||
objectives are to promote and support the development, deployment, | applications and infrastructures that are essential to productivity | |||
and implementation of grid technologies and applications via the | in the enterprise and within the science community. OGF accomplishes | |||
creation and documentation of "best practices" - technical | its work through open forums that build the community, explore | |||
specifications, user experiences, and implementation guidelines. | trends, share best practices and consolidate these best practices | |||
into standards. | ||||
4.8.1. Global Grid Forum Security Area | 4.8.1. Global Grid Forum Security Area | |||
http://www.ogf.org/gf/group_info/areasgroups.php?area_id=7 | http://www.ogf.org/gf/group_info/areasgroups.php?area_id=7 | |||
The Security Area is concerned with technical and operational | The Security Area is concerned with technical and operational | |||
security issues in Grid environments, including authentication, | security issues in Grid environments, including authentication, | |||
authorization, privacy, confidentiality, auditing, firewalls, trust | authorization, privacy, confidentiality, auditing, firewalls, trust | |||
establishment, policy establishment, and dynamics, scalability and | establishment, policy establishment, and dynamics, scalability and | |||
management aspects of all of the above. | management aspects of all of the above. | |||
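Review bot: In 4.8 the replacement paragraph describes "OGF", but the section heading still reads "GGF - Global Grid Forum", the URL is still http://www.gridforum.org/, and "OGF" is never expanded. Expand OGF on first use and state its relation to GGF, or update the headings of 4.8 and 4.8.1 to match, since 4.8.1 already points at an ogf.org URL.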
skipping to change at page 18, line 46 | skipping to change at page 18, line 38 | |||
testing and reporting. The goal of M1's work is to accelerate the | testing and reporting. The goal of M1's work is to accelerate the | |||
deployment of significantly better, standards-based security | deployment of significantly better, standards-based security | |||
solutions for purposes, such as, homeland defense and the prevention | solutions for purposes, such as, homeland defense and the prevention | |||
of identity theft as well as other government and commercial | of identity theft as well as other government and commercial | |||
applications based on biometric personal authentication. | applications based on biometric personal authentication. | |||
4.12. ISO - The International Organization for Standardization | 4.12. ISO - The International Organization for Standardization | |||
http://www.iso.org/ | http://www.iso.org/ | |||
SO (International Organization for Standardization) is the world's | ISO (International Organization for Standardization) is the world's | |||
largest developer and publisher of International Standards. | largest developer and publisher of International Standards. | |||
ISO is a network of the national standards institutes of 160 | ISO is a network of the national standards institutes of 163 | |||
countries, one member per country, with a Central Secretariat in | countries, one member per country, with a Central Secretariat in | |||
Geneva, Switzerland, that coordinates the system. | Geneva, Switzerland, that coordinates the system. | |||
ISO is a non-governmental organization that forms a bridge between | ISO is a non-governmental organization that forms a bridge between | |||
the public and private sectors. On the one hand, many of its member | the public and private sectors. On the one hand, many of its member | |||
institutes are part of the governmental structure of their countries, | institutes are part of the governmental structure of their countries, | |||
or are mandated by their government. On the other hand, other | or are mandated by their government. On the other hand, other | |||
members have their roots uniquely in the private sector, having been | members have their roots uniquely in the private sector, having been | |||
set up by national partnerships of industry associations. | set up by national partnerships of industry associations. | |||
Therefore, ISO enables a consensus to be reached on solutions that | Therefore, ISO enables a consensus to be reached on solutions that | |||
meet both the requirements of business and the broader needs of | meet both the requirements of business and the broader needs of | |||
society. | society. | |||
4.13. ITU - International Telecommunication Union | 4.13. ITU - International Telecommunication Union | |||
http://www.itu.int/ | http://www.itu.int/ | |||
ITU is the leading United Nations agency for information and | ITU (International Telecommunication Union) is the United Nations | |||
communication technology issues, and the global focal point for | specialized agency for information and communication technologies - | |||
governments and the private sector in developing networks and | ICTs. | |||
services. For 145 years, ITU has coordinated the shared global use | ||||
of the radio spectrum, promoted international cooperation in | ||||
assigning satellite orbits, worked to improve telecommunication | ||||
infrastructure in the developing world, established the worldwide | ||||
standards that foster seamless interconnection of a vast range of | ||||
communications systems and addressed the global challenges of our | ||||
times, such as mitigating climate change and strengthening | ||||
cybersecurity. | ||||
ITU also organizes worldwide and regional exhibitions and forums, | We allocate global radio spectrum and satellite orbits, develop the | |||
such as ITU TELECOM WORLD, bringing together the most influential | technical standards that ensure networks and technologies seamlessly | |||
representatives of government and the telecommunications and ICT | interconnect, and strive to improve access to ICTs to underserved | |||
industry to exchange ideas, knowledge and technology for the benefit | communities worldwide. | |||
of the global community, and in particular the developing world. | ||||
From broadband Internet to latest-generation wireless technologies, | ITU is committed to connecting all the world's people - wherever they | |||
from aeronautical and maritime navigation to radio astronomy and | live and whatever their means. Through our work, we protect and | |||
satellite-based meteorology, from convergence in fixed-mobile phone, | support everyone's fundamental right to communicate. | |||
Internet access, data, voice and TV broadcasting to next-generation | ||||
networks, ITU is committed to connecting the world. | ||||
The ITU is comprised of three sectors: | The ITU is comprised of three sectors: | |||
4.13.1. ITU Telecommunication Standardization Sector - ITU-T | 4.13.1. ITU Telecommunication Standardization Sector - ITU-T | |||
http://www.itu.int/ITU-T/ | http://www.itu.int/ITU-T/ | |||
ITU-T Recommendations are defining elements in information and | ITU-T Recommendations are defining elements in information and | |||
communication technologies (ICTs) infrastructure. Whether we | communication technologies (ICTs) infrastructure. Whether we | |||
exchange voice, data or video messages, communications cannot take | exchange voice, data or video messages, communications cannot take | |||
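Review bot: The new text in 4.13 switches to first person ("We allocate global radio spectrum ...", "Through our work, we protect ..."), which in this draft reads as the authors speaking rather than ITU. Either put the passage in quotation marks with attribution to ITU, or rewrite it in the third person as the old text was. The "SO" to "ISO" fix and the 160 to 163 member count in 4.12 look fine.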
skipping to change at page 21, line 21 | skipping to change at page 20, line 52 | |||
OASIS (Organization for the Advancement of Structured Information | OASIS (Organization for the Advancement of Structured Information | |||
Standards) is a not-for-profit consortium that drives the | Standards) is a not-for-profit consortium that drives the | |||
development, convergence and adoption of open standards for the | development, convergence and adoption of open standards for the | |||
global information society. The consortium produces more Web | global information society. The consortium produces more Web | |||
services standards than any other organization along with standards | services standards than any other organization along with standards | |||
for security, e-business, and standardization efforts in the public | for security, e-business, and standardization efforts in the public | |||
sector and for application-specific markets. Founded in 1993, OASIS | sector and for application-specific markets. Founded in 1993, OASIS | |||
has more than 5,000 participants representing over 600 organizations | has more than 5,000 participants representing over 600 organizations | |||
and individual members in 100 countries. | and individual members in 100 countries. | |||
OASIS is distinguished by its transparent governance and operating | OASIS promotes industry consensus and produces worldwide standards | |||
procedures. Members themselves set the OASIS technical agenda, using | for security, Cloud computing, SOA, Web services, the Smart Grid, | |||
a lightweight process expressly designed to promote industry | electronic publishing, emergency management, and other areas. OASIS | |||
consensus and unite disparate efforts. Completed work is ratified by | open standards offer the potential to lower cost, stimulate | |||
open ballot. Governance is accountable and unrestricted. Officers | innovation, grow global markets, and protect the right of free choice | |||
of both the OASIS Board of Directors and Technical Advisory Board are | of technology. | |||
chosen by democratic election to serve two-year terms. Consortium | ||||
leadership is based on individual merit and is not tied to financial | ||||
contribution, corporate standing, or special appointment. | ||||
OASIS has several Technical Committees in the Security Category. | OASIS has several Technical Committees in the Security Category. | |||
http://www.oasis-open.org/committees/tc_cat.php?cat=security | http://www.oasis-open.org/committees/tc_cat.php?cat=security | |||
4.15. OIF - Optical Internetworking Forum | 4.15. OIF - Optical Internetworking Forum | |||
http://www.oiforum.com/ | http://www.oiforum.com/ | |||
"The Optical Internetworking Forum (OIF) promotes the development and | "The Optical Internetworking Forum (OIF) promotes the development and | |||
skipping to change at page 22, line 33 | skipping to change at page 22, line 12 | |||
The scope includes but is not limited to a) planning, engineering and | The scope includes but is not limited to a) planning, engineering and | |||
provisioning of network resources; b) operations, maintenance or | provisioning of network resources; b) operations, maintenance or | |||
administration use cases and processes; and c) management | administration use cases and processes; and c) management | |||
functionality and interfaces for operations support systems and | functionality and interfaces for operations support systems and | |||
interoperable network equipment. Within its scope are Fault, | interoperable network equipment. Within its scope are Fault, | |||
Configuration, Accounting, Performance and Security Management | Configuration, Accounting, Performance and Security Management | |||
(FCAPS) and Security. The OAM&P working group will also account for | (FCAPS) and Security. The OAM&P working group will also account for | |||
work by related standards development organizations (SDOs), identify | work by related standards development organizations (SDOs), identify | |||
gaps and formulate OIF input to other SDOs as may be appropriate. | gaps and formulate OIF input to other SDOs as may be appropriate. | |||
4.16. NRIC - The Network Reliability and Interoperability Council | 4.16. National Security Telecommunications Advisory Committee (NSTAC) | |||
http://www.nric.org/ | ||||
The mission of the NRIC is partner with the Federal Communications | ||||
Commission, the communications industry and public safety to | ||||
facilitate enhancement of emergency communications networks, homeland | ||||
security, and best practices across the burgeoning telecommunications | ||||
industry. | ||||
It appears that the last NRIC Council concluded in 2005. | ||||
4.17. National Security Telecommunications Advisory Committee (NSTAC) | ||||
http://www.ncs.gov/nstac/nstac.html | http://www.ncs.gov/nstac/nstac.html | |||
President Ronald Reagan created the National Security | Meeting our Nation's critical national security and emergency | |||
Telecommunications Advisory Committee (NSTAC) by Executive Order | preparedness (NS/EP) challenges demands attention to many issues. | |||
12382 in September 1982. Composed of up to 30 industry chief | Among these, none could be more important than the availability and | |||
executives representing the major communications and network service | reliability of telecommunication services. The President's National | |||
providers and information technology, finance, and aerospace | Security Telecommunications Advisory Committee (NSTAC) mission is to | |||
companies, the NSTAC provides industry-based advice and expertise to | provide the U.S. Government the best possible industry advice in | |||
the President on issues and problems related to implementing national | these areas. | |||
security and emergency preparedness (NS/EP) communications policy. | ||||
Since its inception, the NSTAC has addressed a wide range of policy | ||||
and technical issues regarding communications, information systems, | ||||
information assurance, critical infrastructure protection, and other | ||||
NS/EP communications concerns. | ||||
The mission of the NSTAC: Meeting our Nation's critical national | ||||
security and emergency preparedness (NS/EP) challenges demands | ||||
attention to many issues. Among these, none could be more important | ||||
than the availability and reliability of telecommunication services. | ||||
The President's National Security Telecommunications Advisory | ||||
Committee (NSTAC) mission is to provide the U.S. Government the best | ||||
possible industry advice in these areas. | ||||
4.18. TIA - The Telecommunications Industry Association | 4.17. TIA - The Telecommunications Industry Association | |||
http://www.tiaonline.org/ | http://www.tiaonline.org/ | |||
The Telecommunications Industry Association (TIA) is the leading | The Telecommunications Industry Association (TIA) is the leading | |||
trade association representing the global information and | trade association representing the global information and | |||
communications technology (ICT) industries through standards | communications technology (ICT) industries through standards | |||
development, government affairs, business opportunities, market | development, government affairs, business opportunities, market | |||
intelligence, certification and world-wide environmental regulatory | intelligence, certification and world-wide environmental regulatory | |||
compliance. With support from its 600 members, TIA enhances the | compliance. With support from its 600 members, TIA enhances the | |||
business environment for companies involved in telecommunications, | business environment for companies involved in telecommunications, | |||
broadband, mobile wireless, information technology, networks, cable, | broadband, mobile wireless, information technology, networks, cable, | |||
satellite, unified communications, emergency communications and the | satellite, unified communications, emergency communications and the | |||
greening of technology. TIA is accredited by ANSI. | greening of technology. TIA is accredited by ANSI. | |||
4.18.1. Critical Infrastructure Protection (CIP) and Homeland Security | 4.17.1. APCO Project 25 Public Safety Standards | |||
(HS) | ||||
http://www.tiaonline.org/standards/technology/ciphs/ | ||||
This TIA webpage identifies and links to many standards, other | ||||
technical documents and ongoing activity involving or supporting | ||||
TIA's role in Public Safety and Homeland Security, Network Security, | ||||
Critical Infrastructure Protection and Assurance, National Security/ | ||||
Emergency Preparedness, Emergency Communications Services, Emergency | ||||
Calling and Location Identification Services, and the Needs of First | ||||
Responders. For the purpose of this webpage, national/international | ||||
terms relating to public safety and disaster response can be | ||||
considered synonymous (and interchangeable) with terms relating to | ||||
public protection and disaster relief. | ||||
4.18.2. Commercial Encryption Source Code and Related Information | http://www.tiaonline.org/all-standards/committees/tr-8 | |||
http://www.tiaonline.org/standards/technology/ahag/index.cfm | Recognizing the need for common standards for first responders and | |||
homeland security/emergency response professionals, representatives | ||||
from the Association of Public Safety Communications Officials | ||||
International (APCO), the National Association of State | ||||
Telecommunications Directors (NASTD), selected federal agencies and | ||||
the National Communications System (NCS) established Project 25 | ||||
(PDF), a steering committee for selecting voluntary common system | ||||
standards for digital public safety radio communications. TIA TR-8 | ||||
facilitates such work through its role as an ANSI-accredited | ||||
Standards Development Organization (SDO) and has developed in TR-8 | ||||
the 102 series of technical documents. These standards directly | ||||
address the guidelines of the Communications Assistance for Law | ||||
Enforcement Act (CALEA). | ||||
This section seems to link to commercial encryption source code. | 4.18. TTA - Telecommunications Technology Association | |||
Access requires agreement to terms and conditions and then | ||||
registration. | ||||
4.19. TTA - Telecommunications Technology Association | http://www.tta.or.kr/ | |||
http://www.tta.or.kr/ http://www.tta.or.kr/English/index.jsp | http://www.tta.or.kr/English/index.jsp (English) | |||
(English) | ||||
The purpose of TTA is to contribute to the advancement of technology | The purpose of TTA is to contribute to the advancement of technology | |||
and the promotion of information and telecommunications services and | and the promotion of information and telecommunications services and | |||
industry as well as the development of national economy, by | industry as well as the development of national economy, by | |||
effectively stablishing and providing technical standards that | effectively stablishing and providing technical standards that | |||
reflect the latest domestic and international technological advances, | reflect the latest domestic and international technological advances, | |||
needed for the planning, design and operation of global end-to-end | needed for the planning, design and operation of global end-to-end | |||
telecommunications and related information services, in close | telecommunications and related information services, in close | |||
collaboration with companies, organizations and groups concerned with | collaboration with companies, organizations and groups concerned with | |||
information and telecommunications such as network operators, service | information and telecommunications such as network operators, service | |||
providers, equipment manufacturers, academia, R&D institutes, etc. | providers, equipment manufacturers, academia, R&D institutes, etc. | |||
4.20. The World Wide Web Consortium | 4.19. The World Wide Web Consortium | |||
http://www.w3.org/Consortium/ | http://www.w3.org/Consortium/ | |||
The World Wide Web Consortium (W3C) is an international community | The World Wide Web Consortium (W3C) is an international community | |||
where Member organizations, a full-time staff, and the public work | where Member organizations, a full-time staff, and the public work | |||
together to develop Web standards. Led by Web inventor Tim Berners- | together to develop Web standards. Led by Web inventor Tim Berners- | |||
Lee and CEO Jeffrey Jaffe, W3C's mission is to lead the Web to its | Lee and CEO Jeffrey Jaffe, W3C's mission is to lead the Web to its | |||
full potential. | full potential. | |||
http://www.w3.org/Security/Activity | http://www.w3.org/Security/ | |||
The work in the W3C Security Activity currently comprises two Working | Security online is a vast field that is being worked on by a number | |||
Groups, the Web Security Context Working Group and the XML Security | of organizations, including W3C. Mapping the entire field would be a | |||
Working Group. | huge endeavor; hence, this page focuses on work that W3C is involved | |||
in. | ||||
The Web Security Context Working Group focuses on the challenges that | The traditional W3C Security Resources page is no longer maintained, | |||
arise when users encounter currently deployed security technology, | but remains online for archival purposes. | |||
such as TLS: While this technology achieves its goals on a technical | ||||
level, attackers' strategies shift towards bypassing the security | ||||
technology instead of breaking it. When users do not understand the | ||||
security context in which they operate, then it becomes easy to | ||||
deceive and defraud them. This Working Group is planning to see its | ||||
main deliverable, the User Interface Guidelines, through to | ||||
Recommendation, but will not engage in additional recommendation | ||||
track work beyond this deliverable. The Working Group is currently | ||||
operating at reduced Team effort (compared to the initial effort | ||||
reserved to this Working Group). Initial (and informal) | ||||
conversations about forming an Interest Group that could serve as a | ||||
place for community-building and specification review have not led as | ||||
far as we had hoped at the previous Advisory Committee Meeting, but | ||||
are still on the Team's agenda. | ||||
The XML Security Working Group started up in summer 2008, and has | The Web Security Wiki serves as a place for interested parties in the | |||
decided to publish an interim set of 1.1 specifications as it works | Web security community to collect information about security aspects | |||
towards producing a more radical change to XML Signature. The XML | of specifications and implementations of Web technologies. | |||
Signature 1.1 and XML Encryption 1.1 specifications clarify and | ||||
enhance the previous specifications without introducing breaking | ||||
changes, although they do introduce new algorithms. | ||||
4.21. TM Forum | 4.20. TM Forum | |||
http://www.tmforum.org/ | http://www.tmforum.org/ | |||
With more than 700 corporate members in 195 countries, TM Forum is | TM Forum is a global, non-profit industry association focused on | |||
the world's leading industry association focused on enabling best-in- | simplifying the complexity of running a service provider's business. | |||
class IT for service providers in the communications, media and cloud | As an established industry thought-leader, the Forum serves as a | |||
service markets. The Forum provides business-critical industry | unifying force, enabling more than 850 companies across 195 countries | |||
standards and expertise to enable the creation, delivery and | to solve critical business issues through access to a wealth of | |||
monetization of digital services. | knowledge, intellectual capital and standards. | |||
TM Forum brings together the world's largest communications, | ||||
technology and media companies, providing an innovative, industry- | ||||
leading approach to collaborative R&D, along with wide range of | ||||
support services including benchmarking, training and certification. | ||||
The Forum produces the renowned international Management World | ||||
conference series, as well as thought-leading industry research and | ||||
publications. | ||||
4.21.1. Security Management | 4.20.1. Security Management | |||
http://www.tmforum.org/SecurityManagement/9152/home.html | http://www.tmforum.org/SecurityManagement/9152/home.html | |||
Securing networks, cyber, clouds, and identity against evolving and | Securing networks, cyber, clouds, and identity against evolving and | |||
ever present threats has emerged as a top priority for TM Forum | ever present threats has emerged as a top priority for TM Forum | |||
members. In response, the TM Forum's Security Management Initiative | members. In response, the TM Forum's Security Management Initiative | |||
was formally launched in 2009. While some of our Security Management | was formally launched in 2009. While some of our Security Management | |||
efforts, such as Identity Management, are well established and boast | efforts, such as Identity Management, are well established and boast | |||
mature Business Agreements and Interfaces, a series of presentations, | mature Business Agreements and Interfaces, a series of presentations, | |||
contributions, and multi-vendor technology demonstrations have jumped | contributions, and multi-vendor technology demonstrations have jumped | |||
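Review bot: Several additions in this hunk carry residue from the web pages they were copied from: in 4.17.1 "established Project 25 (PDF), a steering committee" keeps a link label, in 4.16 the NSTAC text now opens with "Meeting our Nation's ..." after the framing "The mission of the NSTAC:" was dropped, and in 4.19 "this page focuses on work that W3C is involved in" refers to a W3C page rather than to this draft. Drop "(PDF)", and quote and attribute the NSTAC and W3C passages or rephrase them in the third person. Separately, "stablishing" in the TTA paragraph is unchanged in both versions and should be "establishing", and since removing the NRIC section renumbers 4.17 through 4.21, any cross-references to those section numbers elsewhere in the draft need checking.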
skipping to change at page 32, line 51 | skipping to change at page 30, line 51 | |||
the Roadmap. This will enable more timely updating of the | the Roadmap. This will enable more timely updating of the | |||
information and will also reduce the overhead in maintaining the | information and will also reduce the overhead in maintaining the | |||
information. | information. | |||
http://www.itu.int/ITU-T/security/main_table.aspx | http://www.itu.int/ITU-T/security/main_table.aspx | |||
5.11. NRIC VII Focus Groups | 5.11. NRIC VII Focus Groups | |||
http://www.nric.org/fg/index.html | http://www.nric.org/fg/index.html | |||
The mission of the NRIC is partner with the Federal Communications | ||||
Commission, the communications industry and public safety to | ||||
facilitate enhancement of emergency communications networks, homeland | ||||
security, and best practices across the burgeoning telecommunications | ||||
industry. | ||||
By December 16, 2005, the Council shall present a final report that | By December 16, 2005, the Council shall present a final report that | |||
describes, in detail, any additions, deletions, or modifications that | describes, in detail, any additions, deletions, or modifications that | |||
should be made to the Homeland Security Best Practices that were | should be made to the Homeland Security Best Practices that were | |||
adopted by the preceding Council. | adopted by the preceding Council. | |||
Documents in Focus Group 2: Homeland Security, Subcommittee 2.B: | Documents in Focus Group 2: Homeland Security, Subcommittee 2.B: | |||
Cyber Security: | Cyber Security: | |||
Focus Group 2B Report - Homeland Security Cyber Security Best | Focus Group 2B Report - Homeland Security Cyber Security Best | |||
Practices Published 06-Dec-2004 | Practices Published 06-Dec-2004 | |||
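Review bot: Removing the mission sentence from 5.11 leaves "NRIC" unexpanded here, and this revision also deletes the NRIC section from Section 4, which held both the full name and the remark that the last Council appears to have concluded in 2005. The remaining sentence, "By December 16, 2005, the Council shall present a final report", is still in the future tense. Keep a one-line expansion of NRIC in 5.11 and say that the Council's work has concluded, or reword the sentence in the past tense.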
skipping to change at page 42, line 17 | skipping to change at page 40, line 17 | |||
-16 : Sixteenth revision of the WG ID. | -16 : Sixteenth revision of the WG ID. | |||
Updated the date and reviewed the accuracy of Section 5. Several | Updated the date and reviewed the accuracy of Section 5. Several | |||
changes made. | changes made. | |||
-17 : Seventeenth revision of the WG ID. | -17 : Seventeenth revision of the WG ID. | |||
Updated the date and reviewed the accuracy of Section 3. A couple | Updated the date and reviewed the accuracy of Section 3. A couple | |||
of changes made. | of changes made. | |||
-18 : Eighteenth revision of the WG ID. | ||||
Updated the date and reviewed the accuracy of Section 4. Some | ||||
changes made. | ||||
Note: This section will be removed before publication as an RFC. | Note: This section will be removed before publication as an RFC. | |||
Authors' Addresses | Authors' Addresses | |||
Chris Lonvick | Chris Lonvick | |||
Cisco Systems | Cisco Systems | |||
12515 Research Blvd. | 12515 Research Blvd. | |||
Austin, Texas 78759 | Austin, Texas 78759 | |||
US | US | |||
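Review bot: The new -18 changelog entry says only that Section 4 was reviewed ("reviewed the accuracy of Section 4. Some changes made."), but this revision also edits Section 5.11 (the NRIC mission paragraph is removed). Mention the 5.11 change in the entry, and consider noting the removal of the NRIC section and the resulting renumbering, since "Some changes made" hides a section deletion.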
End of changes. 60 change blocks. | ||||
245 lines changed or deleted | 213 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |