draft-ietf-opsec-efforts-18.txt | draft-ietf-opsec-efforts-19.txt | |||
---|---|---|---|---|
Network Working Group C. Lonvick | Network Working Group C. Lonvick | |||
Internet-Draft D. Spak | Internet-Draft D. Spak | |||
Intended status: Informational Cisco Systems | Intended status: Informational Cisco Systems | |||
Expires: October 20, 2012 April 18, 2012 | Expires: April 20, 2013 October 17, 2012 | |||
Security Best Practices Efforts and Documents | Security Best Practices Efforts and Documents | |||
draft-ietf-opsec-efforts-18.txt | draft-ietf-opsec-efforts-19.txt | |||
Abstract | Abstract | |||
This document provides a snapshot of the current efforts to define or | This document provides a snapshot of the current efforts to define or | |||
apply security requirements in various Standards Developing | apply security requirements in various Standards Developing | |||
Organizations (SDO). | Organizations (SDO). | |||
Status of this Memo | Status of this Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
skipping to change at page 1, line 32 | skipping to change at page 1, line 32 | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on October 20, 2012. | This Internet-Draft will expire on April 20, 2013. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 3, line 41 | skipping to change at page 3, line 41 | |||
5.9. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 28 | 5.9. ITU-T Study Group 2 . . . . . . . . . . . . . . . . . . . 28 | |||
5.10. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 28 | 5.10. ITU-T Study Group 17 . . . . . . . . . . . . . . . . . . . 28 | |||
5.11. NRIC VII Focus Groups . . . . . . . . . . . . . . . . . . 30 | 5.11. NRIC VII Focus Groups . . . . . . . . . . . . . . . . . . 30 | |||
5.12. OASIS Security Technical Committees . . . . . . . . . . . 31 | 5.12. OASIS Security Technical Committees . . . . . . . . . . . 31 | |||
5.13. OIF Implementation Agreements . . . . . . . . . . . . . . 31 | 5.13. OIF Implementation Agreements . . . . . . . . . . . . . . 31 | |||
5.14. TIA - Critical Infrastructure Protection (CIP) and | 5.14. TIA - Critical Infrastructure Protection (CIP) and | |||
Homeland Security (HS) . . . . . . . . . . . . . . . . . . 31 | Homeland Security (HS) . . . . . . . . . . . . . . . . . . 31 | |||
5.15. NIST Special Publications (800 Series) . . . . . . . . . . 32 | 5.15. NIST Special Publications (800 Series) . . . . . . . . . . 32 | |||
5.16. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 32 | 5.16. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 32 | |||
5.17. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 32 | 5.17. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 32 | |||
5.18. SANS Information Security Reading Room . . . . . . . . . . 33 | 5.18. SANS Information Security Reading Room . . . . . . . . . . 32 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 34 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34 | |||
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 | |||
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36 | 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36 | |||
9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 37 | 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 37 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41 | |||
1. Introduction | 1. Introduction | |||
The Internet is being recognized as a critical infrastructure similar | The Internet is being recognized as a critical infrastructure similar | |||
in nature to the power grid and a potable water supply. Just like | in nature to the power grid and a potable water supply. Just like | |||
skipping to change at page 22, line 30 | skipping to change at page 22, line 30 | |||
Security Telecommunications Advisory Committee (NSTAC) mission is to | Security Telecommunications Advisory Committee (NSTAC) mission is to | |||
provide the U.S. Government the best possible industry advice in | provide the U.S. Government the best possible industry advice in | |||
these areas. | these areas. | |||
4.17. TIA - The Telecommunications Industry Association | 4.17. TIA - The Telecommunications Industry Association | |||
http://www.tiaonline.org/ | http://www.tiaonline.org/ | |||
The Telecommunications Industry Association (TIA) is the leading | The Telecommunications Industry Association (TIA) is the leading | |||
trade association representing the global information and | trade association representing the global information and | |||
communications technology (ICT) industries through standards | communications technology (ICT) industry through Standards | |||
development, government affairs, business opportunities, market | development, Policy initiatives, business opportunities, market | |||
intelligence, certification and world-wide environmental regulatory | intelligence and networking events. With support from hundreds of | |||
compliance. With support from its 600 members, TIA enhances the | members, TIA enhances the business environment for companies involved | |||
business environment for companies involved in telecommunications, | in telecom, broadband, mobile wireless, information technology, | |||
broadband, mobile wireless, information technology, networks, cable, | networks, cable, satellite, unified communications, emergency | |||
satellite, unified communications, emergency communications and the | communications and the greening of technology. TIA is accredited by | |||
greening of technology. TIA is accredited by ANSI. | ANSI. | |||
4.17.1. APCO Project 25 Public Safety Standards | 4.17.1. APCO Project 25 Public Safety Standards | |||
http://www.tiaonline.org/all-standards/committees/tr-8 | http://www.tiaonline.org/all-standards/committees/tr-8 | |||
Recognizing the need for common standards for first responders and | Recognizing the need for common standards for first responders and | |||
homeland security/emergency response professionals, representatives | homeland security/emergency response professionals, representatives | |||
from the Association of Public Safety Communications Officials | from the Association of Public Safety Communications Officials | |||
International (APCO), the National Association of State | International (APCO), the National Association of State | |||
Telecommunications Directors (NASTD), selected federal agencies and | Telecommunications Directors (NASTD), selected federal agencies and | |||
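Review bot: In the revised 4.17 paragraph, "Standards" and "Policy" are capitalized mid-sentence in "through Standards development, Policy initiatives", while the rest of the same list ("business opportunities, market intelligence and networking events") is lowercase. Suggest lowercasing both so the list reads consistently. The -18 text used "telecommunications" where -19 now has "telecom"; the formal term fits the register of the rest of the paragraph better.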
skipping to change at page 31, line 51 | skipping to change at page 31, line 51 | |||
(September 2003) | (September 2003) | |||
http://www.oiforum.com/public/documents/SecurityMgmt-IA.pdf | http://www.oiforum.com/public/documents/SecurityMgmt-IA.pdf | |||
OIF-SMI-02.1 - Addendum to the Security for Management Interfaces to | OIF-SMI-02.1 - Addendum to the Security for Management Interfaces to | |||
Network Elements (March 2006) | Network Elements (March 2006) | |||
http://www.oiforum.com/public/documents/OIF-SMI-02_1.pdf | http://www.oiforum.com/public/documents/OIF-SMI-02_1.pdf | |||
5.14. TIA - Critical Infrastructure Protection (CIP) and Homeland | 5.14. TIA - Critical Infrastructure Protection (CIP) and Homeland | |||
Security (HS) | Security (HS) | |||
This TIA webpage identifies and links to many standards, other | The TIA Cybersecurity Working Group advocates public policy positions | |||
technical documents and ongoing activity involving or supporting | related to the security of ICT equipment and services from a vendor | |||
TIA's role in Public Safety and Homeland Security, Network Security, | perspective as it relates to critical infrastructure, supply chain | |||
Critical Infrastructure Protection and Assurance, National Security/ | and information sharing. | |||
Emergency Preparedness, Emergency Communications Services, Emergency | ||||
Calling and Location Identification Services, and the Needs of First | ||||
Responders. | ||||
http://www.tiaonline.org/standards/technology/ciphs/ | http://www.tiaonline.org/policy/cybersecurity | |||
5.15. NIST Special Publications (800 Series) | 5.15. NIST Special Publications (800 Series) | |||
http://csrc.nist.gov/publications/PubsSPs.html | http://csrc.nist.gov/publications/PubsSPs.html | |||
Special Publications in the 800 series present documents of general | Special Publications in the 800 series present documents of general | |||
interest to the computer security community. The Special Publication | interest to the computer security community. The Special Publication | |||
800 series was established in 1990 to provide a separate identity for | 800 series was established in 1990 to provide a separate identity for | |||
information technology security publications. This Special | information technology security publications. This Special | |||
Publication 800 series reports on ITL's research, guidelines, and | Publication 800 series reports on ITL's research, guidelines, and | |||
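Review bot: The 5.14 heading still reads "TIA - Critical Infrastructure Protection (CIP) and Homeland Security (HS)", but the new body text describes the TIA Cybersecurity Working Group and links to /policy/cybersecurity, so the section title (and the matching table-of-contents entry for 5.14) no longer describes its content. Suggest retitling the section to match, or keeping a sentence that ties the working group to CIP/HS. Also, in "positions ... as it relates to critical infrastructure", the pronoun should agree with "positions" ("as they relate to").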
skipping to change at page 33, line 9 | skipping to change at page 32, line 51 | |||
a year. Each bulletin presents an in-depth discussion of a single | a year. Each bulletin presents an in-depth discussion of a single | |||
topic of significant interest to the information systems community. | topic of significant interest to the information systems community. | |||
Not all of ITL Bulletins that are published relate to computer / | Not all of ITL Bulletins that are published relate to computer / | |||
network security. Only the computer security ITL Bulletins are found | network security. Only the computer security ITL Bulletins are found | |||
here. | here. | |||
5.18. SANS Information Security Reading Room | 5.18. SANS Information Security Reading Room | |||
http://www.sans.org/reading_room/ | http://www.sans.org/reading_room/ | |||
Featuring over 1,885 original computer security white papers in 75 | Featuring over 1,969 original computer security white papers in 77 | |||
different categories. | different categories | |||
Most of the computer security white papers in the Reading Room have | Most of the computer security white papers in the Reading Room have | |||
been written by students seeking GIAC certification to fulfill part | been written by students seeking GIAC certification to fulfill part | |||
of their certification requirements and are provided by SANS as a | of their certification requirements and are provided by SANS as a | |||
resource to benefit the security community at large. SANS attempts | resource to benefit the security community at large. SANS attempts | |||
to ensure the accuracy of information, but papers are published "as | to ensure the accuracy of information, but papers are published "as | |||
is". Errors or inconsistencies may exist or may be introduced over | is". Errors or inconsistencies may exist or may be introduced over | |||
time as material becomes dated. | time as material becomes dated. | |||
6. Security Considerations | 6. Security Considerations | |||
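Review bot: In 5.18 the updated sentence "Featuring over 1,969 original computer security white papers in 77 different categories" has lost the terminating period that the -18 text had. Suggest restoring it so the line does not run into the following paragraph.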
skipping to change at page 40, line 22 | skipping to change at page 40, line 22 | |||
-17 : Seventeenth revision of the WG ID. | -17 : Seventeenth revision of the WG ID. | |||
Updated the date and reviewed the accuracy of Section 3. A couple | Updated the date and reviewed the accuracy of Section 3. A couple | |||
of changes made. | of changes made. | |||
-18 : Eighteenth revision of the WG ID. | -18 : Eighteenth revision of the WG ID. | |||
Updated the date and reviewed the accuracy of Section 4. Some | Updated the date and reviewed the accuracy of Section 4. Some | |||
changes made. | changes made. | |||
-19 : Ninteenth revision of the WG ID. | ||||
Updated the date and reviewed the accuracy of Section 5. Some | ||||
changes made. | ||||
Note: This section will be removed before publication as an RFC. | Note: This section will be removed before publication as an RFC. | |||
Authors' Addresses | Authors' Addresses | |||
Chris Lonvick | Chris Lonvick | |||
Cisco Systems | Cisco Systems | |||
12515 Research Blvd. | 12515 Research Blvd. | |||
Austin, Texas 78759 | Austin, Texas 78759 | |||
US | US | |||
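Review bot: The new change-log entry misspells the ordinal as "Ninteenth"; it should be "Nineteenth". The entry also says only that Section 5 was reviewed, yet this revision changes the TIA description in Section 4.17 as well; suggest mentioning that update so the log matches the diff.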
End of changes. 9 change blocks. | ||||
22 lines changed or deleted | 24 lines changed or added | |||