draft-ietf-opsec-efforts-18.txt   draft-ietf-opsec-efforts-19.txt 
Network Working Group C. Lonvick Network Working Group C. Lonvick
Internet-Draft D. Spak Internet-Draft D. Spak
Intended status: Informational Cisco Systems Intended status: Informational Cisco Systems
Expires: October 20, 2012 April 18, 2012 Expires: April 20, 2013 October 17, 2012
Security Best Practices Efforts and Documents Security Best Practices Efforts and Documents
draft-ietf-opsec-efforts-18.txt draft-ietf-opsec-efforts-19.txt
Abstract Abstract
This document provides a snapshot of the current efforts to define or This document provides a snapshot of the current efforts to define or
apply security requirements in various Standards Developing apply security requirements in various Standards Developing
Organizations (SDO). Organizations (SDO).
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 32 skipping to change at page 1, line 32
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 20, 2012. This Internet-Draft will expire on April 20, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 41 skipping to change at page 3, line 41
5.9. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 28 5.9. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 28
5.10. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 28 5.10. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 28
5.11. NRIC VII Focus Groups . . . . . . . . . . . . . . . . . . 30 5.11. NRIC VII Focus Groups . . . . . . . . . . . . . . . . . . 30
5.12. OASIS Security Technical Committees . . . . . . . . . . . 31 5.12. OASIS Security Technical Committees . . . . . . . . . . . 31
5.13. OIF Implementation Agreements . . . . . . . . . . . . . . 31 5.13. OIF Implementation Agreements . . . . . . . . . . . . . . 31
5.14. TIA - Critical Infrastructure Protection (CIP) and 5.14. TIA - Critical Infrastructure Protection (CIP) and
Homeland Security (HS) . . . . . . . . . . . . . . . . . . 31 Homeland Security (HS) . . . . . . . . . . . . . . . . . . 31
5.15. NIST Special Publications (800 Series) . . . . . . . . . . 32 5.15. NIST Special Publications (800 Series) . . . . . . . . . . 32
5.16. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 32 5.16. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 32
5.17. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 32 5.17. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 32
5.18. SANS Information Security Reading Room . . . . . . . . . . 33 5.18. SANS Information Security Reading Room . . . . . . . . . . 32
6. Security Considerations . . . . . . . . . . . . . . . . . . . 34 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36
9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 37 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 37
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41
1. Introduction 1. Introduction
The Internet is being recognized as a critical infrastructure similar The Internet is being recognized as a critical infrastructure similar
in nature to the power grid and a potable water supply. Just like in nature to the power grid and a potable water supply. Just like
skipping to change at page 22, line 30 skipping to change at page 22, line 30
Security Telecommunications Advisory Committee (NSTAC) mission is to Security Telecommunications Advisory Committee (NSTAC) mission is to
provide the U.S. Government the best possible industry advice in provide the U.S. Government the best possible industry advice in
these areas. these areas.
4.17. TIA - The Telecommunications Industry Association 4.17. TIA - The Telecommunications Industry Association
http://www.tiaonline.org/ http://www.tiaonline.org/
The Telecommunications Industry Association (TIA) is the leading The Telecommunications Industry Association (TIA) is the leading
trade association representing the global information and trade association representing the global information and
communications technology (ICT) industries through standards communications technology (ICT) industry through Standards
development, government affairs, business opportunities, market development, Policy initiatives, business opportunities, market
intelligence, certification and world-wide environmental regulatory intelligence and networking events. With support from hundreds of
compliance. With support from its 600 members, TIA enhances the members, TIA enhances the business environment for companies involved
business environment for companies involved in telecommunications, in telecom, broadband, mobile wireless, information technology,
broadband, mobile wireless, information technology, networks, cable, networks, cable, satellite, unified communications, emergency
satellite, unified communications, emergency communications and the communications and the greening of technology. TIA is accredited by
greening of technology. TIA is accredited by ANSI. ANSI.
4.17.1. APCO Project 25 Public Safety Standards 4.17.1. APCO Project 25 Public Safety Standards
http://www.tiaonline.org/all-standards/committees/tr-8 http://www.tiaonline.org/all-standards/committees/tr-8
Recognizing the need for common standards for first responders and Recognizing the need for common standards for first responders and
homeland security/emergency response professionals, representatives homeland security/emergency response professionals, representatives
from the Association of Public Safety Communications Officials from the Association of Public Safety Communications Officials
International (APCO), the National Association of State International (APCO), the National Association of State
Telecommunications Directors (NASTD), selected federal agencies and Telecommunications Directors (NASTD), selected federal agencies and
skipping to change at page 31, line 51 skipping to change at page 31, line 51
(September 2003) (September 2003)
http://www.oiforum.com/public/documents/SecurityMgmt-IA.pdf http://www.oiforum.com/public/documents/SecurityMgmt-IA.pdf
OIF-SMI-02.1 - Addendum to the Security for Management Interfaces to OIF-SMI-02.1 - Addendum to the Security for Management Interfaces to
Network Elements (March 2006) Network Elements (March 2006)
http://www.oiforum.com/public/documents/OIF-SMI-02_1.pdf http://www.oiforum.com/public/documents/OIF-SMI-02_1.pdf
5.14. TIA - Critical Infrastructure Protection (CIP) and Homeland 5.14. TIA - Critical Infrastructure Protection (CIP) and Homeland
Security (HS) Security (HS)
This TIA webpage identifies and links to many standards, other The TIA Cybersecurity Working Group advocates public policy positions
technical documents and ongoing activity involving or supporting related to the security of ICT equipment and services from a vendor
TIA's role in Public Safety and Homeland Security, Network Security, perspective as it relates to critical infrastructure, supply chain
Critical Infrastructure Protection and Assurance, National Security/ and information sharing.
Emergency Preparedness, Emergency Communications Services, Emergency
Calling and Location Identification Services, and the Needs of First
Responders.
http://www.tiaonline.org/standards/technology/ciphs/ http://www.tiaonline.org/policy/cybersecurity
5.15. NIST Special Publications (800 Series) 5.15. NIST Special Publications (800 Series)
http://csrc.nist.gov/publications/PubsSPs.html http://csrc.nist.gov/publications/PubsSPs.html
Special Publications in the 800 series present documents of general Special Publications in the 800 series present documents of general
interest to the computer security community. The Special Publication interest to the computer security community. The Special Publication
800 series was established in 1990 to provide a separate identity for 800 series was established in 1990 to provide a separate identity for
information technology security publications. This Special information technology security publications. This Special
Publication 800 series reports on ITL's research, guidelines, and Publication 800 series reports on ITL's research, guidelines, and
skipping to change at page 33, line 9 skipping to change at page 32, line 51
a year. Each bulletin presents an in-depth discussion of a single a year. Each bulletin presents an in-depth discussion of a single
topic of significant interest to the information systems community. topic of significant interest to the information systems community.
Not all of ITL Bulletins that are published relate to computer / Not all of ITL Bulletins that are published relate to computer /
network security. Only the computer security ITL Bulletins are found network security. Only the computer security ITL Bulletins are found
here. here.
5.18. SANS Information Security Reading Room 5.18. SANS Information Security Reading Room
http://www.sans.org/reading_room/ http://www.sans.org/reading_room/
Featuring over 1,885 original computer security white papers in 75 Featuring over 1,969 original computer security white papers in 77
different categories. different categories
Most of the computer security white papers in the Reading Room have Most of the computer security white papers in the Reading Room have
been written by students seeking GIAC certification to fulfill part been written by students seeking GIAC certification to fulfill part
of their certification requirements and are provided by SANS as a of their certification requirements and are provided by SANS as a
resource to benefit the security community at large. SANS attempts resource to benefit the security community at large. SANS attempts
to ensure the accuracy of information, but papers are published "as to ensure the accuracy of information, but papers are published "as
is". Errors or inconsistencies may exist or may be introduced over is". Errors or inconsistencies may exist or may be introduced over
time as material becomes dated. time as material becomes dated.
6. Security Considerations 6. Security Considerations
skipping to change at page 40, line 22 skipping to change at page 40, line 22
-17 : Seventeenth revision of the WG ID. -17 : Seventeenth revision of the WG ID.
Updated the date and reviewed the accuracy of Section 3. A couple Updated the date and reviewed the accuracy of Section 3. A couple
of changes made. of changes made.
-18 : Eighteenth revision of the WG ID. -18 : Eighteenth revision of the WG ID.
Updated the date and reviewed the accuracy of Section 4. Some Updated the date and reviewed the accuracy of Section 4. Some
changes made. changes made.
-19 : Ninteenth revision of the WG ID.
Updated the date and reviewed the accuracy of Section 5. Some
changes made.
Note: This section will be removed before publication as an RFC. Note: This section will be removed before publication as an RFC.
Authors' Addresses Authors' Addresses
Chris Lonvick Chris Lonvick
Cisco Systems Cisco Systems
12515 Research Blvd. 12515 Research Blvd.
Austin, Texas 78759 Austin, Texas 78759
US US
 End of changes. 9 change blocks. 
22 lines changed or deleted 24 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/