[sacm] Vulnerability Assessment Scenario Issue #23 - Update Appendix E to Reference CSC v6.0

"Haynes, Dan" <dhaynes@mitre.org> Fri, 17 June 2016 12:59 UTC

From: "Haynes, Dan" <dhaynes@mitre.org>
To: "sacm@ietf.org" <sacm@ietf.org>
Date: Fri, 17 Jun 2016 12:59:15 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/3NWlef-Rq0h4I_yCBYnoIxbZ7WQ>

We have a tracker that recommends updating Appendix E to reference Critical Security Controls v6.0 instead of v5.1 [1][2].  I went through both versions of the document and made the appropriate updates to the text (see attached) as some controls have changed or have been removed.

Please review the attached changes and let me know if they seem reasonable to incorporate into the next revision of the Vulnerability Assessment Scenario I-D.

Thanks,

Danny

[1] https://github.com/sacmwg/vulnerability-scenario/issues/23
[2] https://www.cisecurity.org/critical-controls.cfm