draft-ietf-sacm-requirements-13.txt   draft-ietf-sacm-requirements-14.txt 
SACM N. Cam-Winget SACM N. Cam-Winget
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Intended status: Informational L. Lorenzin Intended status: Informational L. Lorenzin
Expires: September 18, 2016 Pulse Secure Expires: March 22, 2017 Pulse Secure
March 17, 2016 September 18, 2016
Security Automation and Continuous Monitoring (SACM) Requirements Security Automation and Continuous Monitoring (SACM) Requirements
draft-ietf-sacm-requirements-13 draft-ietf-sacm-requirements-14
Abstract Abstract
This document defines the scope and set of requirements for the This document defines the scope and set of requirements for the
Secure Automation and Continuous Monitoring (SACM) architecture, data Secure Automation and Continuous Monitoring (SACM) architecture, data
model and transport protocols. The requirements and scope are based model and transport protocols. The requirements and scope are based
on the agreed upon use cases. on the agreed upon use cases.
Status of This Memo Status of This Memo
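Review bot: the abstract still expands SACM as "Secure Automation and Continuous Monitoring" while the title a few lines above it uses "Security Automation and Continuous Monitoring", and this revision leaves the mismatch in place on both sides. Suggest aligning the abstract with the title so the document uses one expansion of the acronym throughout.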
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 18, 2016. This Internet-Draft will expire on March 22, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 15 skipping to change at page 2, line 15
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Requirements for SACM . . . . . . . . . . . . . . . . . . 4 2.1. Requirements for SACM . . . . . . . . . . . . . . . . . . 4
2.2. Requirements for the Architecture . . . . . . . . . . . . 7 2.2. Requirements for the Architecture . . . . . . . . . . . . 7
2.3. Requirements for the Information Model . . . . . . . . . 8 2.3. Requirements for the Information Model . . . . . . . . . 8
2.4. Requirements for the Data Model . . . . . . . . . . . . . 9 2.4. Requirements for the Data Model . . . . . . . . . . . . . 9
2.5. Requirements for Data Model Operations . . . . . . . . . 12 2.5. Requirements for Data Model Operations . . . . . . . . . 12
2.6. Requirements for SACM Transport Protocols . . . . . . . . 13 2.6. Requirements for SACM Transport Protocols . . . . . . . . 14
3. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 3. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
5. Security Considerations . . . . . . . . . . . . . . . . . . . 15 5. Security Considerations . . . . . . . . . . . . . . . . . . . 15
5.1. Trust between Provider and Requestor . . . . . . . . . . 16 5.1. Trust between Provider and Requestor . . . . . . . . . . 16
5.2. Privacy Considerations . . . . . . . . . . . . . . . . . 17 5.2. Privacy Considerations . . . . . . . . . . . . . . . . . 17
6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 17 6. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 17
6.1. -05 to -06 . . . . . . . . . . . . . . . . . . . . . . . 17 6.1. -05 to -06 . . . . . . . . . . . . . . . . . . . . . . . 18
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 18
7.1. Normative References . . . . . . . . . . . . . . . . . . 18 7.1. Normative References . . . . . . . . . . . . . . . . . . 18
7.2. Informative References . . . . . . . . . . . . . . . . . 18 7.2. Informative References . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
1. Introduction 1. Introduction
Today's environment of rapidly-evolving security threats highlights Today's environment of rapidly-evolving security threats highlights
the need to automate the sharing of security information (such as the need to automate the sharing of security information (such as
posture information) while protecting user information as well as the posture information) while protecting user information as well as the
systems that store, process, and transmit this information. Security systems that store, process, and transmit this information. Security
threats can be detected in a number of ways. SACM's charter focuses threats can be detected in a number of ways. SACM's charter focuses
on how to collect and share this information based on use cases that on how to collect and share this information based on use cases that
involve posture assessment of endpoints. involve posture assessment of endpoints.
skipping to change at page 10, line 10 skipping to change at page 10, line 10
shared. It is expected that as applications may produce posture shared. It is expected that as applications may produce posture
assessment information, they may share it using a specific data assessment information, they may share it using a specific data
model. Similarly, applications consuming or requesting posture model. Similarly, applications consuming or requesting posture
assessment information, may require it be based on a specific data assessment information, may require it be based on a specific data
model. Thus, while there may exist different data models and model. Thus, while there may exist different data models and
schemas, they should adhere to the SACM information model and meet schemas, they should adhere to the SACM information model and meet
the requirements defined in this section. the requirements defined in this section.
The specific requirements for candidate data models include: The specific requirements for candidate data models include:
DM-001 Element Association: The data model MUST contain a data model DM-001 Element Association: A SACM Information Model consists of a
element for each information model element (e.g. endpoint, IP set of SACM Information Model elements. A SACM Data Model MUST be
address, asset). In other words, for every item in the information derived from the SACM Information Model. A SACM Data Model consists
model, there must be an item in the data model. The data model can of a set of SACM Data Model elements. In this derivation, a SACM
also include elements that do not exist in the information model. Data Model element MAY map to one or more SACM Information Model
elements. In addition, a SACM Data Model MAY include additional
Data Model elements that are not associated with any SACM
Information Model elements.
DM-002 Data Model Structure: The data model can be structured either DM-002 Data Model Structure: The data model can be structured either
as one single module or separated into modules and sub-modules that as one single module or separated into modules and sub-modules that
allow for references between them. The data model structure MAY allow for references between them. The data model structure MAY
reflect structure in the information model, but does not need to. reflect structure in the information model, but does not need to.
For example, the data model might use one module to define For example, the data model might use one module to define
endpoints, and that module might reference other modules that endpoints, and that module might reference other modules that
describe the various assets associated with the endpoint. describe the various assets associated with the endpoint.
Constraints and interfaces might further be defined to resolve or Constraints and interfaces might further be defined to resolve or
tolerate ambiguity in the references (e.g. same IP address used in tolerate ambiguity in the references (e.g. same IP address used in
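Review bot: in DM-001 the new wording drops the old coverage rule ("for every item in the information model, there must be an item in the data model") and replaces it with "a SACM Data Model element MAY map to one or more SACM Information Model elements", so the only remaining MUST is that the data model is "derived from" the information model, a term the visible text does not define in a testable way. As written, a data model that covers only a small part of the information model would appear to comply. Suggest stating explicitly whether every information model element still needs a corresponding data model element, or, if partial coverage is intended, saying so and describing what "derived from" has to preserve.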
skipping to change at page 18, line 13 skipping to change at page 18, line 21
Cleaned up some of the OP-XXX and ARCH-XXX per Jim Schaad's comments. Cleaned up some of the OP-XXX and ARCH-XXX per Jim Schaad's comments.
Updated some of the text around Editor notes and removed all 'Editor Updated some of the text around Editor notes and removed all 'Editor
Note' comments Note' comments
7. References 7. References
7.1. Normative References 7.1. Normative References
[I-D.ietf-sacm-terminology] [I-D.ietf-sacm-terminology]
Birkholz, H., "Secure Automation and Continuous Monitoring Birkholz, H., Lu, J., Strassner, J., and N. Cam-Winget,
(SACM) Terminology", draft-ietf-sacm-terminology-08 (work "Secure Automation and Continuous Monitoring (SACM)
in progress), October 2015. Terminology", draft-ietf-sacm-terminology-11 (work in
progress), September 2016.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC5209] Sangster, P., Khosravi, H., Mani, M., Narayan, K., and J. [RFC5209] Sangster, P., Khosravi, H., Mani, M., Narayan, K., and J.
Tardo, "Network Endpoint Assessment (NEA): Overview and Tardo, "Network Endpoint Assessment (NEA): Overview and
Requirements", RFC 5209, DOI 10.17487/RFC5209, June 2008, Requirements", RFC 5209, DOI 10.17487/RFC5209, June 2008,
<http://www.rfc-editor.org/info/rfc5209>. <http://www.rfc-editor.org/info/rfc5209>.
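Review bot: the Change Log lines at the top of this hunk are unchanged context, and the table of contents still lists only "6.1. -05 to -06" under section 6, so no entry is added in the visible lines for this revision even though it rewrites a normative requirement (DM-001). Suggest adding a -13 to -14 entry that names the DM-001 change and the update of the terminology reference to draft-ietf-sacm-terminology-11.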
 End of changes. 8 change blocks. 
15 lines changed or deleted 19 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/