[sacm] Charter Including Sean's Changes

Stephen Hanna <shanna@juniper.net> Thu, 24 January 2013 18:02 UTC

Here (below and attached) is a charter that includes
the changes suggested by Sean Turner. At least, this
is my interpretation of Sean's suggestions. 

Comments most welcome!

Thanks,

Steve

----------

Proposed Working Group Charter

Name: Security Automation and Continuous Monitoring (SACM)
AREA: Security

Chairs:
TBD
TBD

Security Area Directors:
     Stephen Farrell <stephen.farrell at cs.tcd.ie>
     Sean Turner <turners at ieca.com>

Security Area Advisor:
     Sean Turner <turners at ieca.com>

Mailing Lists:
     General Discussion: sacm at ietf.org
     To Subscribe:       http://www.ietf.org/mailman/listinfo/sacm
     Archive:            http://www.ietf.org/mail-archive/web/sacm

Description of Working Group

Securing information and the systems that store, process, and transmit
that information is a challenging task for organizations of all sizes,
and many security practitioners spend most of their time on manual
processes, relegating them to ineffectiveness. The key to escaping this
rut is security automation to collect, verify, and update system
configurations with the ability to prioritize risk based on timely
information about threats. This working group will develop security
automation protocols and data format standards in support of
information security processes and practices. These standards will
help security practitioners to be more effective by automating routine
tasks related to client and server security, freeing them to focus on
more advanced tasks. The initial focus of this work is to address
enterprise use cases pertaining to the assessment of endpoint posture
(using the definitions of Endpoint and Posture from RFC 5209).

The working group will, whenever reasonable and possible, reuse
existing protocols and mechanisms. Of particular interest to this
working group are the security automation specifications supporting
asset, change, configuration, and vulnerability management.

There are multiple categories of problems in the security automation
realm: enabling interoperable data exchanges through standardized
protocols, defining expressions for particular domain concepts
(i.e. data formats), establishing a standards-based foundation
supporting the curation and exchange of security automation content
collections in content repositories, and enabling interoperability
through the development and use of standard interfaces and
communication protocols. Content based on rich and extensible data
standards and protocols will provide the authoritative instructions
needed by data-driven tools to enable the automated collection of
configuration and vulnerability data pertaining to enterprise
assets. Information produced by these tools will provide accurate and
timely situational awareness in support of organizational decision
making.

The data exchange protocols will need to support several exchange
types including requesting assessments and reporting on assessment
results. Exchanging information across organizational boundaries will
not be within scope for this effort at this time.

This working group will provide solutions to these categories of
problems and the main areas of focus for this working group are
described as follows:

1. A set of standards to enable assessment of endpoint posture.
   This area of focus provides for necessary language and data
   format specifications.

2. A set of standards for interacting with repositories of content
   related to assessment of endpoint posture.

This working group will achieve the following milestones:

- An Informational document on Use Cases and Requirements
- An Informational document on SACM Architecture
- A Standards Track document to define a protocol for interacting
  with content repositories
- Standards Track documents specifying communication protocols and
  data formats used for assessment of endpoint posture

After these work items have been submitted to and approved by
the IESG, the WG will recharter or close.