Re: [sacm] Call for Adoption of SACM Vulnerability Assessment Scenario
"Jim Bieda (jbieda)" <jbieda@cisco.com> Tue, 29 March 2016 19:59 UTC
Return-Path: <jbieda@cisco.com>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA5A112E171 for <sacm@ietfa.amsl.com>; Tue, 29 Mar 2016 12:59:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.53
X-Spam-Level:
X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TXp14c_goaG1 for <sacm@ietfa.amsl.com>; Tue, 29 Mar 2016 12:59:51 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8DC4612E1A2 for <sacm@ietf.org>; Tue, 29 Mar 2016 12:23:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=29495; q=dns/txt; s=iport; t=1459279404; x=1460489004; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=R+p9O2cX2SklUvm4iEDoz9oySnHV7PrpTLzr4bDkUkg=; b=ZviOQujJiwgIZh1FG8jjtXTNmeucYgDDIpkQTogMaiP8FtJHb4rX9m1A YvjmFKmpsVlHNZxfuSPtDPBIt555lHTxlZo6T8D4R7B5pbLPZwN4Y5odw LXZw7jjoTj+bpsdrDelkeYAG6o7wOG2d0zvPCtsEltt8nW2SiNBl+0v4a Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ASAgCa1fpW/5xdJa1dgmJMU30GryeJQoIPAQ2BcCGCPIMwAhyBGjgUAQEBAQEBAWQnhEEBAQEEHQYKQRsCAQgRAwEBASEHAwICAh8RFAkIAgQBEogSAxIOr1OLYw2EZQEBAQEBAQEBAQEBAQEBAQEBAQEBAREEhh2ERIINMoIUCg0JgkqCVgWTDoQtMQGFcYYggXWBZoRNiFqHO4dTAR4BAUKCAxmBSWwBh0B+AQEB
X-IronPort-AV: E=Sophos;i="5.24,412,1454976000"; d="scan'208,217";a="254909045"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Mar 2016 19:23:23 +0000
Received: from XCH-RCD-020.cisco.com (xch-rcd-020.cisco.com [173.37.102.30]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id u2TJNNGZ014934 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 29 Mar 2016 19:23:23 GMT
Received: from xch-aln-018.cisco.com (173.36.7.28) by XCH-RCD-020.cisco.com (173.37.102.30) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 29 Mar 2016 14:23:22 -0500
Received: from xch-aln-018.cisco.com ([173.36.7.28]) by XCH-ALN-018.cisco.com ([173.36.7.28]) with mapi id 15.00.1104.009; Tue, 29 Mar 2016 14:23:22 -0500
From: "Jim Bieda (jbieda)" <jbieda@cisco.com>
To: "Haynes, Dan" <dhaynes@mitre.org>, Adam Montville <adam.w.montville@gmail.com>, "<sacm@ietf.org>" <sacm@ietf.org>
Thread-Topic: [sacm] Call for Adoption of SACM Vulnerability Assessment Scenario
Thread-Index: AQHRifB1Tunz0Hb3zkGRj9SZE8JFqw==
Date: Tue, 29 Mar 2016 19:23:22 +0000
Message-ID: <D320230E.6ED34%jbieda@cisco.com>
References: <FB944363-2A01-47D1-A5F9-2994E2E16226@gmail.com> <404706DD-A82B-4995-AB16-44DC7D7E22CD@gmail.com> <A1993EFA-39F1-481A-80E4-A755146F92A0@gmail.com> <E66F1D57-4B1F-4272-9D67-4A3431EC9AF3@gmail.com> <D31FFD41.6ECEB%jbieda@cisco.com> <CY1PR09MB09398BC0A2B9347740577201A5870@CY1PR09MB0939.namprd09.prod.outlook.com>
In-Reply-To: <CY1PR09MB09398BC0A2B9347740577201A5870@CY1PR09MB0939.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.2.160219
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.117.122.174]
Content-Type: multipart/alternative; boundary="_000_D320230E6ED34jbiedaciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/sacm/RQsxOXvpwqNGXcBxD-F5Ar2SV54>
Subject: Re: [sacm] Call for Adoption of SACM Vulnerability Assessment Scenario
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2016 19:59:54 -0000
Hi Danny, Yeah, it looked purely cosmetic to me – not a reflection on the substance of the section. Thanks! Jim From: "Haynes, Dan" <dhaynes@mitre.org<mailto:dhaynes@mitre.org>> Date: Tuesday, March 29, 2016 at 11:01 AM To: jbieda <jbieda@cisco.com<mailto:jbieda@cisco.com>>, Adam Montville <adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>>, "<sacm@ietf.org<mailto:sacm@ietf.org>>" <sacm@ietf.org<mailto:sacm@ietf.org>> Subject: RE: [sacm] Call for Adoption of SACM Vulnerability Assessment Scenario Hi Jim, After a quick review of that section, that text was added based on mailing list feedback. Specifically, the feedback stated we should mention that the vulnerability description data contains very sensitive information and should be protected. Given that we addressed the feedback in the revised text, I think we can just remove the “TODO” in the next revision of the document. This document provides a core narrative that walks through an automated enterprise vulnerability assessment scenario and is aligned with SACM "Endpoint Security Posture Assessment: Enterprise Use Cases" [RFC7632]. As a result, the security considerations for [RFC7632] apply to this document. Furthermore, the vulnerability description data may provide attackers with useful information such as what software an enterprise is running on their endpoints. As a result, organizations should properly protect the vulnerability description data it ingests.***TODO IS THIS COVERED BY RFC7632???*** Sorry for missing that. Thanks, Danny From: sacm [mailto:sacm-bounces@ietf.org] On Behalf Of Jim Bieda (jbieda) Sent: Tuesday, March 29, 2016 12:39 PM To: Adam Montville <adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>>; <sacm@ietf.org<mailto:sacm@ietf.org>> <sacm@ietf.org<mailto:sacm@ietf.org>> Subject: Re: [sacm] Call for Adoption of SACM Vulnerability Assessment Scenario I’m OK with adoption. One question: There is a ***TODO …*** in Section 8. Security Considerations. Should that get fixed prior to adoption? Thanks, Jim From: sacm <sacm-bounces@ietf.org<mailto:sacm-bounces@ietf.org>> on behalf of Adam Montville <adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>> Date: Monday, March 28, 2016 at 2:43 PM To: "<sacm@ietf.org<mailto:sacm@ietf.org>>" <sacm@ietf.org<mailto:sacm@ietf.org>> Subject: Re: [sacm] Call for Adoption of SACM Vulnerability Assessment Scenario REMINDER If you believe that the vulnerability assessment scenario is a worthwhile draft for this WG to adopt, please respond to this adoption call. If you do not believe as such, please respond with explanation. We cannot work on this draft without first adopting it as a working group. As contributor: I would like to see the WG adopt this draft. As an aside: We have had positive discussions about adopting this draft in more than one WG meeting, so I am surprised to see this lack of response. If anyone has responded and has not seen their response come across the archive (https://mailarchive.ietf.org/arch/search/?email_list=sacm) please reach out to me directly. Kind regards, Adam On Mar 24, 2016, at 12:58 PM, Adam Montville <adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>> wrote: Because the original message didn’t seem to make it to the list, let’s set this up again and hope it takes. Please opine no later than 23:59 UTC on March 31. On Mar 24, 2016, at 11:09 AM, Adam Montville <adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>> wrote: Did anyone see this original note? On Mar 9, 2016, at 2:06 PM, Adam Montville <adam.w.montville@gmail.com<mailto:adam.w.montville@gmail.com>> wrote: All: This messages serves as a consensus call to adopt the SACM Vulnerability Assessment Scenario draft: https://datatracker.ietf.org/doc/draft-coffin-sacm-vuln-scenario/ Please opine no later than 23:59 UTC on March 16. Kind regards, Adam
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Adam Montville
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Adam Montville
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Waltermire, David A. (Fed)
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Adam Montville
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Booth, Harold (Fed)
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Landfield, Kent B
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Gunnar Engelbach
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Jim Schaad
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Steve Klos
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Michael Godsey
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Romascanu, Dan (Dan)
- Re: [sacm] [Non-DoD Source] Re: Call for Adoption… Wolfkiel, Joseph L CIV DISA ID (US)
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Lisa Lorenzin
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Stevens, Josh (Cyber Security)
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Schmidt, Charles M.
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Haynes, Dan
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Richard P. Adams
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Ira McDonald
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Jim Bieda (jbieda)
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Haynes, Dan
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Lisa Lorenzin
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Jim Bieda (jbieda)
- Re: [sacm] Call for Adoption of SACM Vulnerabilit… Michael Hammer