< draft-turner-ccmib-02.txt   draft-turner-ccmib-03.txt >
Network Working Group S. Azoum N/A J. Sun
Internet-Draft E. Jones Internet-Draft M. Irani
Intended status: Standards Track L. Sun Intended status: Informational T. Nguyen
Expires: December 1, 2018 SPAWAR Systems Center Pacific Expires: January 9, 2020 Naval Information Warfare Center Pacific
M. Irani
J. Sun
Nathan Kunes, Inc.
R. Purvis R. Purvis
The MITRE Corporation The MITRE Corporation
S. Turner S. Turner
sn3rd sn3rd
May 30, 2018 July 8, 2019
Common Cryptographic MIB (CCMIB) Common Cryptographic MIB (CCMIB)
draft-turner-ccmib-02 draft-turner-ccmib-03
Abstract Abstract
This document defines a portion of the Management Information Base This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet (MIB) for use with network management protocols in the Internet
community. In particular, it describes managed objects used to community. In particular, it describes managed objects used to
manage key management implementations including asymmetric keys, manage key management implementations including asymmetric keys,
symmetric keys, trust anchors, and cryptographic-related firmware. symmetric keys, trust anchors, and cryptographic-related firmware.
Status of This Memo Status of This Memo
skipping to change at page 1, line 42 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 1, 2018. This Internet-Draft will expire on January 9, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. The Internet-Standard Management Framework . . . . . . . . . 3 3. The Internet-Standard Management Framework . . . . . . . . . 3
4. Structure of the MIB module . . . . . . . . . . . . . . . . . 3 4. Structure of the MIB module . . . . . . . . . . . . . . . . . 3
5. Definition of the CC MIB module . . . . . . . . . . . . . . . 3 5. Definition of the CC MIB module . . . . . . . . . . . . . . . 3
5.1. CC Assignments . . . . . . . . . . . . . . . . . . . . . 3 5.1. Assignments . . . . . . . . . . . . . . . . . . . . . . . 3
5.2. CC Feature Hierarchy . . . . . . . . . . . . . . . . . . 5 5.2. Feature Hierarchy . . . . . . . . . . . . . . . . . . . . 4
5.3. CC Device Info . . . . . . . . . . . . . . . . . . . . . 6 5.3. Device Info . . . . . . . . . . . . . . . . . . . . . . . 6
5.4. Firmware Management Information . . . . . . . . . . . . . 17 5.4. Key Management Information . . . . . . . . . . . . . . . 24
5.5. Key Management Information . . . . . . . . . . . . . . . 23 5.5. Key Transfer Pull . . . . . . . . . . . . . . . . . . . . 81
5.6. Key Transfer Pull . . . . . . . . . . . . . . . . . . . . 77 5.6. Key Transfer Push . . . . . . . . . . . . . . . . . . . . 96
5.7. Key Transfer Push . . . . . . . . . . . . . . . . . . . . 93 5.7. Security Policy Information . . . . . . . . . . . . . . . 109
5.8. Security Policy Information . . . . . . . . . . . . . . . 106 5.8. Secure Connection Information . . . . . . . . . . . . . . 115
5.9. Secure Connection Information . . . . . . . . . . . . . . 113 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 123
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 121 7. Security Considerations . . . . . . . . . . . . . . . . . . . 123
7. Security Considerations . . . . . . . . . . . . . . . . . . . 121 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 124
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 121 8.1. Normative References . . . . . . . . . . . . . . . . . . 124
8.1. Normative References . . . . . . . . . . . . . . . . . . 121 8.2. Informative References . . . . . . . . . . . . . . . . . 125
8.2. Informative References . . . . . . . . . . . . . . . . . 123 Appendix A. Contributors . . . . . . . . . . . . . . . . . . . . 126
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 123 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 126
1. Introduction 1. Introduction
RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH PRIOR TO RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH PRIOR TO
PUBLICATION PUBLICATION
The source for this draft is maintained in GitHub. Suggested changes The source for this draft is maintained in GitHub. Suggested changes
should be submitted as pull requests at should be submitted as pull requests at
https://github.com/seanturner/draft-turner-ccmib. Instructions are https://github.com/seanturner/draft-turner-ccmib. Instructions are
on that page as well. Editorial changes can be managed in GitHub. on that page as well. Editorial changes can be managed in GitHub.
skipping to change at page 3, line 31 skipping to change at page 3, line 31
Objects in the MIB are defined using the mechanisms defined in the Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in RFC 2578 module that is compliant to the SMIv2, which is described in RFC 2578
[RFC2578], STD 58, RFC 2579 [RFC2579], and STD 58, RFC 2580 [RFC2578], STD 58, RFC 2579 [RFC2579], and STD 58, RFC 2580
[RFC2580]. [RFC2580].
4. Structure of the MIB module 4. Structure of the MIB module
5. Definition of the CC MIB module 5. Definition of the CC MIB module
5.1. CC Assignments 5.1. Assignments
This MIB module makes reference to the following document: [RFC2578]. This MIB module makes reference to the following document: [RFC2578].
CC-ASSIGNMENTS-MIB DEFINITIONS ::= BEGIN CC-ASSIGNMENTS-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, enterprises MODULE-IDENTITY, enterprises
FROM SNMPv2-SMI; -- RFC 2578 FROM SNMPv2-SMI; -- RFC 2578
ccAssignmentsMIB MODULE-IDENTITY ccAssignmentsMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "201609302154Z"
ORGANIZATION "IETF" ORGANIZATION "CCMIB CCB"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "CC MIB Configuration Control Board
US Navy Email: CCMIB.CCB@us.af.mil"
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner
sn3rd
Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB tree hierarchical assignments "This MIB defines the CC MIB tree hierarchical assignments
below it and acts as a reservation mechanism. below it and acts as a reservation mechanism.
Copyright (c) 2017 IETF Trust and the persons Copyright (c) 2019 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documennts Legal Provisions Relating to IETF Documennts
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. REVISION "201609302154Z"
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU -- RFC EDITOR: Please update XXXX with the assigned RFC number.
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION "CC MIB 1.0.5 FINAL. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. ::= { ccmib 3 }
::= { mib-2 TBD }
ccmib OBJECT IDENTIFIER ::= { enterprise 34493 }
-- --
-- Note: Current top-level OID assignments within the CC MIB tree: -- Note: Current top-level OID assignments within the CC MIB tree:
-- mib-2.TBD : CC-ASSIGNMENTS-MIB (this MIB) -- ccmib.3 : CC-ASSIGNMENTS-MIB (this MIB)
-- mib-2.TBD.1 : CC-FEATURE-HIERARCHY-MIB -- ccmib.3.1 : CC-FEATURE-HIERARCHY-MIB
END END
5.2. CC Feature Hierarchy 5.2. Feature Hierarchy
This MIB module makes reference to the following document: [RFC2578]. This MIB module makes reference to the following document: [RFC2578].
CC-FEATURE-HIERARCHY-MIB DEFINITIONS ::= BEGIN CC-FEATURE-HIERARCHY-MIB DEFINITIONS ::= BEGIN
IMPORTS
IMPORTS ccAssignmentsMIB
ccAssignmentsMIB FROM CC-ASSIGNMENTS-MIB -- FROM Section 5.1
FROM CC-ASSIGNMENTS-MIB -- FROM {{cc-assign}} MODULE-IDENTITY
MODULE-IDENTITY FROM SNMPv2-SMI; -- FROM RFC 2578
FROM SNMPv2-SMI; -- FROM RFC 2578
ccFeatureHierarchyMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF"
CONTACT-INFO
"Shadi Azoum
US Navy
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner ccFeatureHierarchyMIB MODULE-IDENTITY
sn3rd LAST-UPDATED "201609302154Z"
Email:sean@sn3rd.com" ORGANIZATION "CCMIB CCB"
DESCRIPTION CONTACT-INFO
"This MIB defines the CC MIB features in hierarchical MIB "CC MIB Configuration Control Board
tree assignments. It acts as a reservation mechanism for Email: CCMIB.CCB@us.af.mil"
other MIB sets to be anchored below it. DESCRIPTION
"This MIB defines the CC MIB features in hierarchical MIB
tree assignments. It acts as a reservation mechanism for
other MIB sets to be anchored below it.
Copyright (c) 2017 IETF Trust and the persons Copyright (c) 2019 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "201609302154Z"
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION "CC MIB 1.0.5 FINAL. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccAssignmentsMIB 1 } ::= { ccAssignmentsMIB 1 }
ccDeviceInfo OBJECT IDENTIFIER ccDeviceInfo OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 2 } ::= { ccFeatureHierarchyMIB 2 }
ccFirmwareManagement OBJECT IDENTIFIER ccKeyManagement OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB TBD } ::= { ccFeatureHierarchyMIB 3 }
ccKeyManagement OBJECT IDENTIFIER ccKeyTransferPull OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 3 } ::= { ccFeatureHierarchyMIB 4 }
ccKeyTransferPull OBJECT IDENTIFIER ccKeyTransferPush OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 4 } ::= { ccFeatureHierarchyMIB 5 }
ccKeyTransferPush OBJECT IDENTIFIER ccSecurePolicyInfo OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 5 } ::= { ccFeatureHierarchyMIB 6 }
ccSecurePolicyInfo OBJECT IDENTIFIER ccSecureConnectionInfo OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 6 } ::= { ccFeatureHierarchyMIB 7 }
ccSecureConnectionInfo OBJECT IDENTIFIER
::= { ccFeatureHierarchyMIB 7 }
END END
5.3. CC Device Info 5.3. Device Info
This MIB module makes reference to the following documents: This MIB module makes reference to the following documents:
[RFC1213], [RFC2578], [RFC2579], [RFC2580], [RFC3411], and [RFC3418]. [RFC1213], [RFC2578], [RFC2579], [RFC2580], [RFC3411], and [RFC3418].
CC-DEVICE-INFO-MIB DEFINITIONS ::= BEGIN CC-DEVICE-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccDeviceInfo ccDeviceInfo
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM Sec 5.2
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY, TimeTicks MODULE-IDENTITY, TimeTicks
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
DateAndTime, TruthValue, TimeStamp DateAndTime, TruthValue, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccDeviceInfoMIB MODULE-IDENTITY ccDeviceInfoMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "201609302154Z"
ORGANIZATION "IETF" ORGANIZATION "CCMIB CCB"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "CC MIB Configuration Control Board
US Navy Email: CCMIB.CCB@us.af.mil"
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner
sn3rd
Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Device Information objects. "This MIB defines the CC MIB Device Information objects.
Copyright (c) 2017 IETF Trust and the persons Copyright (c) 2019 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "201609302154Z"
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION ""CC MIB 1.0.5 FINAL. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccDeviceInfo 1 } ::= { ccDeviceInfo 1 }
-- ***************************************************************** -- *****************************************************************
-- Device Information Segments -- Device Information Segments
-- ***************************************************************** -- *****************************************************************
cDeviceInfoConformance OBJECT IDENTIFIER cDeviceInfoConformance OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 1} ::= { ccDeviceInfoMIB 1 }
cDeviceComponentVersInfo OBJECT IDENTIFIER cDeviceComponentVersInfo OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 2} ::= { ccDeviceInfoMIB 2 }
cBatteryInfo OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 3 }
cFirmwareInfo OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 4 }
cDeviceInfoScalars OBJECT IDENTIFIER cDeviceInfoScalars OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 5} ::= { ccDeviceInfoMIB 5 }
cDeviceInfoNotify OBJECT IDENTIFIER cDeviceInfoNotify OBJECT IDENTIFIER
::= { ccDeviceInfoMIB 6} ::= { ccDeviceInfoMIB 6 }
-- ***************************************************************** -- *****************************************************************
-- General Device Information Scalars -- General Device Information Scalars
-- ***************************************************************** -- *****************************************************************
cSystemDate OBJECT-TYPE cSystemDate OBJECT-TYPE
SYNTAX DateAndTime SYNTAX DateAndTime
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 9, line 4 skipping to change at page 7, line 47
cSystemUpTime OBJECT-TYPE cSystemUpTime OBJECT-TYPE
SYNTAX TimeTicks SYNTAX TimeTicks
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The amount of time since this host was last initialized. "The amount of time since this host was last initialized.
Note that this is different from sysUpTime in the SNMPv2-MIB Note that this is different from sysUpTime in the SNMPv2-MIB
RFC 3418 because sysUpTime is the uptime of the network RFC 3418 because sysUpTime is the uptime of the network
management portion of the system." management portion of the system."
::= { cDeviceInfoScalars 2 } ::= { cDeviceInfoScalars 2 }
cSystemInitialLoadParameters OBJECT-TYPE cSystemInitialLoadParameters OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..128)) SYNTAX SnmpAdminString (SIZE(0..128))
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object contains the parameters (e.g. a pathname and "This object contains the parameters (e.g., a pathname and
parameter) supplied to the load device when requesting the parameter) supplied to the load device when requesting the
initial operating system configuration from that device. initial operating system configuration from that device.
Note that writing to this object just changes the Note that writing to this object just changes the
configuration that will be used the next time the operating configuration that will be used the next time the operating
system is loaded and does not actually cause the reload to system is loaded and does not actually cause the reload to
occur." occur."
::= { cDeviceInfoScalars 3 } ::= { cDeviceInfoScalars 3 }
cSecurityLevel OBJECT-TYPE cSecurityLevel OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..255)) SYNTAX SnmpAdminString (SIZE(0..255))
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
skipping to change at page 9, line 50 skipping to change at page 8, line 44
::= { cDeviceInfoScalars 5 } ::= { cDeviceInfoScalars 5 }
cLastChanged OBJECT-TYPE cLastChanged OBJECT-TYPE
SYNTAX TimeTicks SYNTAX TimeTicks
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of cSystemUpTime the last time any configurable "The value of cSystemUpTime the last time any configurable
object within the MIBs supported by the device has been object within the MIBs supported by the device has been
modified, created, or deleted by either SNMP, agent, or modified, created, or deleted by either SNMP, agent, or
other management method (e.g. via an HMI). Managers can use other management method (e.g., via an HMI). Managers can
this object to ensure that no changes to any configuration use this object to ensure that no changes to any
within the device have happened since the last time it configuration within the device have happened since the last
examined the device. A value of 0 indicates that no objects time it examined the device. A value of 0 indicates that no
have been changed since the agent initialized." objects have been changed since the agent initialized."
::= { cDeviceInfoScalars 6 } ::= { cDeviceInfoScalars 6 }
cResetDevice OBJECT-TYPE cResetDevice OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The indication of whether a device should be reset. Setting "The indication of whether a device should be reset. Setting
this object to 'true' will perform a reset operation of the this object to 'true' will perform a reset operation of the
device. This must not affect the state of any persistent device. This must not affect the state of any persistent
skipping to change at page 11, line 18 skipping to change at page 10, line 14
cVendorName OBJECT-TYPE cVendorName OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object stores the device's vendor name and is intended "This object stores the device's vendor name and is intended
to be displayed and meaningful to the human operator (e.g. to be displayed and meaningful to the human operator (e.g.
Flinstones Inc). In other words, this object is not intended Flinstones Inc). In other words, this object is not intended
to store the vendor's authoritative identification value to store the vendor's authoritative identification value
(i.e. sysObjectID RFC 1213)." (i.e., sysObjectID RFC 1213)."
::= { cDeviceInfoScalars 10 } ::= { cDeviceInfoScalars 10 }
cModelIdentifier OBJECT-TYPE cModelIdentifier OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object stores the device's model identifier. In "This object stores the device's model identifier. In
general, this would include the model name and model general, this would include the model name and model
number." number."
skipping to change at page 11, line 43 skipping to change at page 10, line 39
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object stores the device's hardware version." "This object stores the device's hardware version."
::= { cDeviceInfoScalars 12 } ::= { cDeviceInfoScalars 12 }
-- ***************************************************************** -- *****************************************************************
-- Device Information Notifications -- Device Information Notifications
-- ***************************************************************** -- *****************************************************************
cFirmwareInstallFailed NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"A notification from the device to the management station
indicating a firmware install failed."
::= { cDeviceInfoNotify 1 }
cFirmwareInstallSuccess NOTIFICATION-TYPE
OBJECTS {
cFirmwareName,
cFirmwareVersion,
cFirmwareSource
}
STATUS current
DESCRIPTION
"A notification from the device to the management station
indicating a firmware intsall succeeded."
::= {cDeviceInfoNotify 2}
cResetDeviceInitialized NOTIFICATION-TYPE cResetDeviceInitialized NOTIFICATION-TYPE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A notification from the device to the management station "A notification from the device to the management station
indicating that the device is being reset due to a change in indicating that the device is being reset due to a change in
the value of cResetDevice. This notification should be sent the value of cResetDevice. This notification should be sent
before the device performs any other reset operations (such before the device performs any other reset operations (such
as shutting down interfaces, etc.)" as shutting down interfaces, etc.)"
::= { cDeviceInfoNotify 3 } ::= { cDeviceInfoNotify 3 }
skipping to change at page 12, line 24 skipping to change at page 11, line 38
cTamperEventIndicated NOTIFICATION-TYPE cTamperEventIndicated NOTIFICATION-TYPE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A notification from the device to the management station "A notification from the device to the management station
indicating that the device has detected a tamper event. This indicating that the device has detected a tamper event. This
notification should be sent before the device performs any notification should be sent before the device performs any
operations (such as shutting down interfaces, etc.)" operations (such as shutting down interfaces, etc.)"
::= { cDeviceInfoNotify 5 } ::= { cDeviceInfoNotify 5 }
cBatteryLow NOTIFICATION-TYPE
OBJECTS {
cBatteryType,
cBatteryOpStatus,
cBatteryLowThreshold
}
STATUS current
DESCRIPTION
"A notification from the device to the management station
indicating a battery has reached the threshold at which a
battery warning is indicated."
::= { cDeviceInfoNotify 6 }
cBatteryRequiresReplacement NOTIFICATION-TYPE
OBJECTS { cBatteryType, cBatteryOpStatus }
STATUS current
DESCRIPTION
"A notification from the device to the management station
indicating a battery should be charged or changed
immediately."
::= { cDeviceInfoNotify 7 }
cDeviceOnBattery NOTIFICATION-TYPE
OBJECTS { cBatteryType, cBatteryOpStatus }
STATUS current
DESCRIPTION
"A notificiation from the device to the management station
indicating the device is on battery power. This
notification is sent when the device is no longer
connected to an external power source and is operating
using a battery for main power."
::= { cDeviceInfoNotify 8 }
cDeviceComponentDisabled NOTIFICATION-TYPE cDeviceComponentDisabled NOTIFICATION-TYPE
OBJECTS { OBJECTS {
cDeviceComponentName, cDeviceComponentName,
cDeviceComponentVersion, cDeviceComponentVersion,
cDeviceComponentOpStatus cDeviceComponentOpStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A notification from the device to the management station "A notification from the device to the management station
indicating a component described in the indicating a component described in the
skipping to change at page 13, line 19 skipping to change at page 13, line 19
"The number of rows in the cDeviceComponentVersTable." "The number of rows in the cDeviceComponentVersTable."
::= { cDeviceComponentVersInfo 1 } ::= { cDeviceComponentVersInfo 1 }
cDeviceComponentVersTableLastChanged OBJECT-TYPE cDeviceComponentVersTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cDeviceComponentVersInfo 2 } ::= { cDeviceComponentVersInfo 2 }
cDeviceComponentVersTable OBJECT-TYPE cDeviceComponentVersTable OBJECT-TYPE
SYNTAX SEQUENCE OF CDeviceComponentVersEntry SYNTAX SEQUENCE OF CDeviceComponentVersEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 13, line 48 skipping to change at page 13, line 48
cDeviceComponentVersEntry OBJECT-TYPE cDeviceComponentVersEntry OBJECT-TYPE
SYNTAX CDeviceComponentVersEntry SYNTAX CDeviceComponentVersEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing a module descriptive name and its version "A row containing a module descriptive name and its version
that is supported by this device." that is supported by this device."
INDEX { cDeviceComponentName, cDeviceComponentVersion } INDEX { cDeviceComponentName, cDeviceComponentVersion }
::= { cDeviceComponentVersTable 1 } ::= { cDeviceComponentVersTable 1 }
cDeviceComponentVersEntry ::= SEQUENCE { cDeviceComponentVersEntry ::= SEQUENCE
cDeviceComponentName SnmpAdminString, {
cDeviceComponentVersion SnmpAdminString, cDeviceComponentName SnmpAdminString,
cDeviceComponentOpStatus INTEGER, cDeviceComponentVersion SnmpAdminString,
cDeviceComponentDescription OCTET STRING cDeviceComponentOpStatus INTEGER,
} cDeviceComponentDescription OCTET STRING
}
cDeviceComponentName OBJECT-TYPE cDeviceComponentName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32)) SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The module name or specification name. The string value to "The module name or specification name. The string value to
be used in this field should be documented in the text of be used in this field should be documented in the text of
the specification a given row is reporting information on. the specification a given row is reporting information on.
skipping to change at page 15, line 24 skipping to change at page 15, line 25
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A description of the component. Agents may reject the "A description of the component. Agents may reject the
changing this object certain rows. In this event, the agent changing this object certain rows. In this event, the agent
should return an inconsistentValue error." should return an inconsistentValue error."
::= { cDeviceComponentVersEntry 4 } ::= { cDeviceComponentVersEntry 4 }
-- ***************************************************************** -- *****************************************************************
-- Module Conformance Information -- CC MIB cBatteryInfoTable
-- ***************************************************************** -- *****************************************************************
cDeviceInfoCompliances OBJECT IDENTIFIER cBatteryInfoTableCount OBJECT-TYPE
::= { cDeviceInfoConformance 1} SYNTAX Unsigned32
cDeviceInfoGroups OBJECT IDENTIFIER MAX-ACCESS read-only
::= { cDeviceInfoConformance 2} STATUS current
cDeviceInfoSystemCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance levels for system information."
MODULE
MANDATORY-GROUPS { cDeviceInfoSystemGroup }
GROUP cDeviceInfoSystemNotifyGroup
DESCRIPTION
"This notification group is optional for implementation."
OBJECT cSystemInitialLoadParameters
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
OBJECT cSecurityLevel
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
cSanitizeDevice
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
OBJECT cRenderInoperable
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
::= { cDeviceInfoCompliances 1 }
cDeviceInfoComponentCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION DESCRIPTION
"Compliance levels for component information." "The number of rows in the cBatteryInfoTable."
MODULE ::= { cBatteryInfo 1 }
MANDATORY-GROUPS { cDeviceInfoComponentGroup }
GROUP cDeviceInfoComponentNotifyGroup cBatteryInfoTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION DESCRIPTION
"This notification group is optional for implementation." "The last time any entry in the table was modified, created,
::= { cDeviceInfoCompliances 2 } or deleted by either SNMP, agent, or other management
method (e.g., via an HMI). Managers can use this object to
ensure that no changes to configuration of this table have
happened since the last time it examined the table. A
value of 0 indicates that no entry has been changed since
the agent initialized. The value in CC-DEVICE-INFO-MIB
cSystemUpTime should be used to populate this column."
::= { cBatteryInfo 2 }
cDeviceInfoSystemGroup OBJECT-GROUP cBatteryInfoTable OBJECT-TYPE
OBJECTS { SYNTAX SEQUENCE OF CBatteryInfoEntry
cSystemDate, MAX-ACCESS not-accessible
cSystemUpTime, STATUS current
cSystemInitialLoadParameters,
cSecurityLevel,
cElectronicSerialNumber,
cLastChanged,
cResetDevice,
cSanitizeDevice,
cRenderInoperable,
cVendorName,
cModelIdentifier,
cHardwareVersionNumber
}
STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to system "The table containing information on each of the batteries
information." installed in the device."
::= { cDeviceInfoGroups 1 } ::= { cBatteryInfo 3 }
cDeviceInfoComponentGroup OBJECT-GROUP cBatteryInfoEntry OBJECT-TYPE
OBJECTS { SYNTAX CBatteryInfoEntry
cDeviceComponentVersTableCount, MAX-ACCESS not-accessible
cDeviceComponentVersTableLastChanged, STATUS current
cDeviceComponentName,
cDeviceComponentVersion,
cDeviceComponentOpStatus,
cDeviceComponentDescription
}
STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to component "A row contining information on a specific battery. If a
information." device cannot return status of a battery it should not
::= { cDeviceInfoGroups 2 } create a row in this table for that battery."
INDEX { cBatteryIndex }
::= { cBatteryInfoTable 1 }
cDeviceInfoSystemNotifyGroup NOTIFICATION-GROUP CBatteryInfoEntry ::= SEQUENCE
NOTIFICATIONS { {
cResetDeviceInitialized, cBatteryIndex Unsigned32,
cSanitizeDeviceInitialized, cBatteryType INTEGER,
cTamperEventIndicated, cBatteryOpStatus INTEGER,
cSanitizeDeviceInitialized cBatteryLowThreshold Integer32
} }
STATUS current
DESCRIPTION
"This group is composed of notifications related to system
information."
::= { cDeviceInfoGroups 5 }
cDeviceInfoComponentNotifyGroup NOTIFICATION-GROUP cBatteryIndex OBJECT-TYPE
NOTIFICATIONS { SYNTAX Unsigned32
cDeviceComponentDisabled, MAX-ACCESS not-accessible
cDeviceComponentEnabled STATUS current
}
STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to "A numerical index used to identify the battery. This value
component information." uniquely identifies a battery on this device. The value
::= { cDeviceInfoGroups 6 } should be persistent for a given battery, but management
stations should not depend on it as it may not be possible
END for some devices to retain identical indexes (especially
across reboots)."
5.4. Firmware Management Information ::= { cBatteryInfoEntry 1 }
This MIB module makes references to the following documents:
[RFC2578], [RFC2579], [RFC2580], and [RFC3411].
CC-FIRMWARE-MANAGEMENT-MIB DEFINITIONS ::= BEGIN
IMPORTS
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578
TimeStamp, TruthValue, RowStatus
FROM SNMPv2-TC -- FROM RFC 2579
MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP
FROM SNMPv2-CONF; -- FROM RFC 2580
ccFirmwareManagementMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
ORGANIZATION "IETF"
CONTACT-INFO
"Shadi Azoum
US Navy
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner cBatteryType OBJECT-TYPE
sn3rd SYNTAX INTEGER { other(1), main(2), clock(3), security(4) }
Email:sean@sn3rd.com" MAX-ACCESS read-only
STATUS current
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Firmware Managment objects. "The type of battery. Main(2) batteries are used for
operation of the device when not connected to a power
Copyright (c) 2017 IETF Trust and the persons source. Clock(3) is used to describe batteries which cannot
identified as authors of the code. All rights reserved. provide main power to the device but maintain clock or
other persistent data. Security(4) is used for batteries
Redistribution and use in source and binary forms, with which perform specific security functions or which may
or without modification, is permitted pursuant to, and render the device inoperable when the battery is depleted.
subject to the license terms contained in, the Simplified If a battery is used for both clock and security, Security
BSD License set forth in Section 4.c of the IETF Trust's should be returned. Other(1) describes a battery which is
Legal Provisions Relating to IETF Documents not otherwise defined here."
(http://trustee.ietf.org/license-info). ::= { cBatteryInfoEntry 2 }
This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU
DESCRIPTION "Initial Version. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccFirmwareManagement 1 }
-- *****************************************************************
-- Firmware Information Segments
-- *****************************************************************
cFirmwareInfo OBJECT IDENTIFIER
::= { ccFirmwareManagementMIB TBD }
cFirmwareInfoNoitify OBJECT IDENTIFIER
::= { ccFirmwareManagementMIB TBD }
-- *****************************************************************
-- Firmware Information Notifications
-- *****************************************************************
cFirmwareInstallFailed NOTIFICATION-TYPE cBatteryOpStatus OBJECT-TYPE
SYNTAX INTEGER { unknown(1), batteryNormal(2),
batteryLow(3), batteryDepleted(4),
batteryMissing(5) }
MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A notification from the device to the management station "Indication of the status of the battery."
indicating a firmware install failed." ::= { cBatteryInfoEntry 3 }
::= { cFirmwareInfoNotify TBD }
cFirmwareInstallSuccess NOTIFICATION-TYPE cBatteryLowThreshold OBJECT-TYPE
OBJECTS { SYNTAX Integer32 (0..100)
cFirmwareName, MAX-ACCESS read-write
cFirmwareVersion,
cFirmwareSource
}
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A notification from the device to the management station "The percentage of capacity at which the cBatteryLow
indicating a firmware install succeeded." notification will be generated. A value of zero indicates
::= { cFirmwareInfoNotify TBD } that the notification should never be sent for this
battery. This object should not be implemented if the
device will detect a low battery, but the actual percentage
is not measurable. This object only needs be writable for
implementations that support modification of the warning
level percentage."
::= { cBatteryInfoEntry 4 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cFirmwareInformationTable -- CC MIB cFirmwareInformationTable
-- ***************************************************************** -- *****************************************************************
cFirmwareInformationTableCount OBJECT-TYPE cFirmwareInformationTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cFirmwareInformationTable." "The number of rows in the cFirmwareInformationTable."
::= { cFirmwareInfo 1 } ::= { cFirmwareInfo 1 }
cFirmwareInformationTableLastChanged OBJECT-TYPE cFirmwareInformationTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management
(e.g. via an HMI). Managers can use this object to ensure method (e.g., via an HMI). Managers can use this object to
that no changes to configuration of this table have happened ensure that no changes to configuration of this table have
since the last time it examined the table. A value of 0 happened since the last time it examined the table. A value
indicates that no entry has been changed since the agent of 0 indicates that no entry has been changed since the
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime agent initialized. The value in CC-DEVICE-INFO-MIB
should be used to populate this column." cSystemUpTime should be used to populate this column."
::= { cFirmwareInfo 2 } ::= { cFirmwareInfo 2 }
cFirmwareInformationTable OBJECT-TYPE cFirmwareInformationTable OBJECT-TYPE
SYNTAX SEQUENCE OF CFirmwareInformationEntry SYNTAX SEQUENCE OF CFirmwareInformationEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table that lists firmware versions available in the "A table that lists firmware versions available in the device, along
device, along with their versions and type. This is used to with their versions and type. This is used to list currently loaded
list currently loaded firmware versions of running firmware firmware versions of running firmware and other available firmware
and other available firmware versions in support of versions in support of returning to a previous version of the
returning to a previous version of the firmware." firmware."
::= { cFirmwareInfo 3 } ::= { cFirmwareInfo 3 }
cFirmwareInformationEntry OBJECT-TYPE cFirmwareInformationEntry OBJECT-TYPE
SYNTAX CFirmwareInformationEntry SYNTAX CFirmwareInformationEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing a firmware package name, version, and "A row containing a firmware package name, version, and source."
source."
INDEX { cFirmwareName } INDEX { cFirmwareName }
::= { cFirmwareInformationTable 1 } ::= { cFirmwareInformationTable 1 }
CFirmwareInformationEntry ::= SEQUENCE { CFirmwareInformationEntry ::= SEQUENCE
cFirmwareName OCTET STRING, {
cFirmwareVersion SnmpAdminString, cFirmwareName OCTET STRING,
cFirmwareSource SnmpAdminString, cFirmwareVersion SnmpAdminString,
cFirmwareRunning TruthValue, cFirmwareSource SnmpAdminString,
cFirmwareRowStatus RowStatus cFirmwareRunning TruthValue,
} cFirmwareRowStatus RowStatus
}
cFirmwareName OBJECT-TYPE cFirmwareName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Unique identifier provided in the firmware package." "Unique identifier provided in the firmware package."
::= { cFirmwareInformationEntry 1 } ::= { cFirmwareInformationEntry 1 }
cFirmwareVersion OBJECT-TYPE cFirmwareVersion OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..255)) SYNTAX SnmpAdminString (SIZE(1..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Version of firmware (provided in the package); for legacy "Version of firmware (provided in the package); for legacy
firmware packages, this column would be the empty string, firmware packages, this column would be the empty string,
''." ''."
::= { cFirmwareInformationEntry 2 } ::= { cFirmwareInformationEntry 2 }
cFirmwareSource OBJECT-TYPE cFirmwareSource OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..255)) SYNTAX SnmpAdminString (SIZE(1..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This column is used by the implementation to describe how "This column is used by the implementation to describe how
the firmware was received. Agents may use any string which the firmware was received. Agents may use any string which
adequately describes the interface such as 'USB' or adequately describes the interface such as 'USB.' Agents may
'DS-100.' Agents may also reference entries in the ifTable also reference entries in the ifTable when appropriate. If
when appropriate. If received using a Secure Object received using a Cryptographic Device Material server, the
Maagement System (SOMS) server, the exact URI that was used exact URI that was used to retrieve the firmware package
to retrieve the firmware package would be configured in this would be configured in this column."
column."
::= { cFirmwareInformationEntry 3 } ::= { cFirmwareInformationEntry 3 }
cFirmwareRunning OBJECT-TYPE cFirmwareRunning OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates if the firmware is currently running. Only one "Indicates if the firmware is currently running. Only one
row in the table should have this object set to True at any row in the table should have this object set to True at
given time. If this object is set from False to True, the any given time. If this object is set from False to True,
agent must install the firmware, uninstall the previous the agent must install the firmware, uninstall the previous
running firmware and change the cFirmwareRunning object for running firmware and change the cFirmwareRunning object for
the previous running firmware from True to False." the previous running firmware from True to False."
::= { cFirmwareInformationEntry 4 } ::= { cFirmwareInformationEntry 4 }
cFirmwareRowStatus OBJECT-TYPE cFirmwareRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of the row, by which old entries may be deleted "The status of the row, by which old entries may be deleted
from this table. At a minimum, implementations must support from this table.
destroy management functions. Support for active and
notReady management functions is optional." At a minimum, implementations must support destroy
::= { cFirmwareInformationEntry 5 } management functions. Support for active, notInService,
and notReady management functions is optional."
::= {cFirmwareInformationEntry 5}
-- ***************************************************************** -- *****************************************************************
-- Module Conformance Information -- Module Conformance Information
-- ***************************************************************** -- *****************************************************************
cFirmwareInfoCompliances OBJECT IDENTIFIER cDeviceInfoCompliances OBJECT IDENTIFIER
::= { cFirmwareInfoConformance 1} ::= { cDeviceInfoConformance 1}
cFirmwareInfoGroups OBJECT IDENTIFIER
::= { cFirmwareInfoConformance 2}
cFirmwareInfoCompliance MODULE-COMPLIANCE cDeviceInfoGroups OBJECT IDENTIFIER
::= { cDeviceInfoConformance 2}
cDeviceInfoSystemCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance levels for system information."
MODULE
MANDATORY-GROUPS { cDeviceInfoSystemGroup }
GROUP cDeviceInfoSystemNotifyGroup
DESCRIPTION
"This notification group is optional for implementation."
OBJECT cSystemInitialLoadParameters
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
OBJECT cSecurityLevel
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
cSanitizeDevice
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
OBJECT cRenderInoperable
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
::= { cDeviceInfoCompliances 1 }
cDeviceInfoComponentCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance levels for component information."
MODULE
MANDATORY-GROUPS { cDeviceInfoComponentGroup }
GROUP cDeviceInfoComponentNotifyGroup
DESCRIPTION
"This notification group is optional for implementation."
::= { cDeviceInfoCompliances 2 }
cDeviceInfoBatteryCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance levels for battery information."
MODULE
MANDATORY-GROUPS { cDeviceInfoBatteryGroup }
GROUP cDeviceInfoBatteryNotifyGroup
DESCRIPTION
"This notification group is optional for implementation."
OBJECT cBatteryLowThreshold
MIN-ACCESS not-accessible
DESCRIPTION
"Implementation of this object is optional."
::= { cDeviceInfoCompliances 3 }
cDeviceInfoFirmwareCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Compliance levels for firmware information." "Compliance levels for firmware information."
MODULE MODULE
MANDATORY-GROUPS { cFirmwareInfoGroup } MANDATORY-GROUPS { cDeviceInfoFirmwareGroup }
GROUP cFirmwareInfoNotifyGroup
GROUP cDeviceInfoFirmwareNotifyGroup
DESCRIPTION DESCRIPTION
"This notification group is optional for implementation." "This notification group is optional for implementation."
::= { cDeviceInfoCompliances TBD } ::= { cDeviceInfoCompliances 4 }
cFirmwareInfoGroup OBJECT-GROUP cDeviceInfoSystemGroup OBJECT-GROUP
OBJECTS { OBJECTS {
cFirmwareInformationTableCount, cSystemDate,
cFirmwareInformationTableLastChanged, cSystemUpTime,
cFirmwareName, cSystemInitialLoadParameters,
cFirmwareVersion, cSecurityLevel,
cFirmwareSource, cElectronicSerialNumber,
cFirmwareRunning, cLastChanged,
cFirmwareRowStatus cResetDevice,
cSanitizeDevice,
cRenderInoperable,
cVendorName,
cModelIdentifier,
cHardwareVersionNumber
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to firmware "This group is composed of objects related to system
information." information."
::= { cFirmwareInfoGroups TBD } ::= { cDeviceInfoGroups 1 }
cFirmwareInfoNotifyGroup NOTIFICATION-GROUP cDeviceInfoComponentGroup OBJECT-GROUP
OBJECTS {
cDeviceComponentVersTableCount,
cDeviceComponentVersTableLastChanged,
cDeviceComponentName,
cDeviceComponentVersion,
cDeviceComponentOpStatus,
cDeviceComponentDescription
}
STATUS current
DESCRIPTION
"This group is composed of objects related to component
information."
::= { cDeviceInfoGroups 2 }
cDeviceInfoBatteryGroup OBJECT-GROUP
OBJECTS {
cBatteryInfoTableCount,
cBatteryInfoTableLastChanged,
cBatteryType,
cBatteryOpStatus,
cBatteryLowThreshold
}
STATUS current
DESCRIPTION
"This group is composed of objects related to battery
information."
::= { cDeviceInfoGroups 3 }
cDeviceInfoFirmwareGroup OBJECT-GROUP
OBJECTS {
cFirmwareInformationTableCount,
cFirmwareInformationTableLastChanged,
cFirmwareName,
cFirmwareVersion,
cFirmwareSource,
cFirmwareRunning,
cFirmwareRowStatus
}
STATUS current
DESCRIPTION
"This group is composed of objects related to firmware
information."
::= { cDeviceInfoGroups 4 }
cDeviceInfoSystemNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cResetDeviceInitialized,
cSanitizeDeviceInitialized,
cTamperEventIndicated,
cSanitizeDeviceInitialized
}
STATUS current
DESCRIPTION
"This group is composed of notifications related to system
information."
::= { cDeviceInfoGroups 5 }
cDeviceInfoComponentNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cDeviceComponentDisabled,
cDeviceComponentEnabled
}
STATUS current
DESCRIPTION
"This group is composed of notifications related to
component information."
::= { cDeviceInfoGroups 6 }
cDeviceInfoBatteryNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cBatteryLow,
cBatteryRequiresReplacement,
cDeviceOnBattery
}
STATUS current
DESCRIPTION
"This group is composed of notifications related to battery
information."
::= { cDeviceInfoGroups 7 }
cDeviceInfoFirmwareNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
cFirmwareInstallFailed, cFirmwareInstallFailed,
cFirmwareInstallSuccess cFirmwareInstallSuccess
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to firmware "This group is composed of notifications related to firmware
information." information."
::= { cFirmwareInfoGroups TBD } ::= { cDeviceInfoGroups 8 }
END END
5.5. Key Management Information 5.4. Key Management Information
This MIB module makes references to the following documents: This MIB module makes references to the following documents:
[RFC2578], [RFC2579], [RFC2580], [RFC3411], [RFC5280], [RFC5914], [RFC2578], [RFC2579], [RFC2580], [RFC3411], [RFC5280], [RFC5914],
[RFC6030], and [RFC6353]. [RFC6030], and [RFC6353].
CC-KEY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN CC-KEY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccKeyManagement ccKeyManagement
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM Sec 5.2
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
RowPointer, RowStatus, DateAndTime, RowPointer, RowStatus, DateAndTime,
TruthValue, TimeStamp TruthValue, TimeStamp
FROM SNMPv2-TC -- FROM RFC 2579 FROM SNMPv2-TC -- FROM RFC 2579
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
SnmpTLSFingerprint SnmpTLSFingerprint
FROM SNMP-TLS-TM-MIB; -- FROM RFC 6353 FROM SNMP-TLS-TM-MIB; -- FROM RFC 6353
ccKeyManagementMIB MODULE-IDENTITY ccKeyManagementMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "201609302154Z"
ORGANIZATION "IETF" ORGANIZATION "CCMIB CCB"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "CC MIB Configuration Control Board
US Navy Email: CCMIB.CCB@us.af.mil"
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner
sn3rd
Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Key Managment objects. "This MIB defines the CC MIB Key Managment objects.
Copyright (c) 2017 IETF Trust and the persons Copyright (c) 2019 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "201609302154Z"
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION ""CC MIB 1.0.5 FINAL. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccKeyManagement 1 } ::= { ccKeyManagement 1 }
-- ***************************************************************** -- *****************************************************************
-- Key Management Information Segments -- Key Management Information Segments
-- ***************************************************************** -- *****************************************************************
cSymmetricKeyInfo OBJECT IDENTIFIER cSymmetricKeyInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 1 } ::= { ccKeyManagementMIB 1 }
cAsymKeyInfo OBJECT IDENTIFIER cAsymKeyInfo OBJECT IDENTIFIER
skipping to change at page 25, line 32 skipping to change at page 25, line 50
cPolicyMappingInfo OBJECT IDENTIFIER cPolicyMappingInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 9 } ::= { ccKeyManagementMIB 9 }
cNameConstraintInfo OBJECT IDENTIFIER cNameConstraintInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 10 } ::= { ccKeyManagementMIB 10 }
cKeyManagementScalars OBJECT IDENTIFIER cKeyManagementScalars OBJECT IDENTIFIER
::= { ccKeyManagementMIB 11 } ::= { ccKeyManagementMIB 11 }
cKeyManagementNotify OBJECT IDENTIFIER cKeyManagementNotify OBJECT IDENTIFIER
::= { ccKeyManagementMIB 12 } ::= { ccKeyManagementMIB 12 }
cKeyManagementConformance OBJECT IDENTIFIER cKeyManagementConformance OBJECT IDENTIFIER
::= { ccKeyManagementMIB 13 } ::= { ccKeyManagementMIB 13 }
cRemoteKeyMaterialInfo OBJECT IDENTIFIER
::= { ccKeyManagementMIB 14 }
-- ***************************************************************** -- *****************************************************************
-- Key Management Information Scalars -- Key Management Information Scalars
-- ***************************************************************** -- *****************************************************************
cZeroizeAllKeys OBJECT-TYPE cZeroizeAllKeys OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 27, line 10 skipping to change at page 27, line 29
cTrustAnchorTable. This operation must not modify any other cTrustAnchorTable. This operation must not modify any other
information in the device such as the persistent storage or information in the device such as the persistent storage or
the audit log. When read this object should return false. If the audit log. When read this object should return false. If
this object is set to the same value as the current value, this object is set to the same value as the current value,
the device must not perform any operation but should accept the device must not perform any operation but should accept
this as a valid SET operation. Note after being set to true, this as a valid SET operation. Note after being set to true,
an agent should reset this object to false once it has an agent should reset this object to false once it has
zeroized the specific key materials stored in the device. zeroized the specific key materials stored in the device.
Some implementations may restrict the deletion of Trust Some implementations may restrict the deletion of Trust
Anchors to specific protocols (e.g. TAMP)." Anchors to specific protocols (e.g., TAMP)."
::= { cKeyManagementScalars 4 } ::= { cKeyManagementScalars 4 }
cZeroizeCDMStoreTable OBJECT-TYPE cZeroizeCDMStoreTable OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Setting this object to 'true' removes all entries in the "Setting this object to 'true' removes all entries in the
cCDMStoreTable that are of type symkey, asymkey, and cCDMStoreTable that are of type symkey, asymkey, and
trustAnchor. This operation must not modify any other trustAnchor. This operation must not modify any other
skipping to change at page 28, line 37 skipping to change at page 29, line 8
cAsymKeyExpirationDate in the associated cAsymKeyTable cAsymKeyExpirationDate in the associated cAsymKeyTable
entry) for which the cKeyMaterialExpiring notification will entry) for which the cKeyMaterialExpiring notification will
be transmitted. be transmitted.
The value in this object is only used if no value exists for The value in this object is only used if no value exists for
the associated cAsymKeyTable entry's cAsymKeyExpiryWarning the associated cAsymKeyTable entry's cAsymKeyExpiryWarning
object." object."
::= { cKeyManagementScalars 9 } ::= { cKeyManagementScalars 9 }
cGenerateKeyType OBJECT-TYPE cGenerateKeyType OBJECT-TYPE
SYNTAX INTEGER { x509v3(1), psk(2)} SYNTAX INTEGER { x509v3(1), psk(2) }
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The type of key material to be generated "The type of key material to be generated
[1] x509v3: X.509v3 certificate per RFC 5280. [1] x509v3: X.509v3 certificate per RFC 5280.
[2] Symmetric Pre-Shared Key." [2] Symmetric Pre-Shared Key."
::= { cKeyManagementScalars 10 } ::= { cKeyManagementScalars 10 }
cGenerateKey OBJECT-TYPE cGenerateKey OBJECT-TYPE
skipping to change at page 29, line 24 skipping to change at page 29, line 43
-- ***************************************************************** -- *****************************************************************
-- Key Management Notifications -- Key Management Notifications
-- ***************************************************************** -- *****************************************************************
cKeyMaterialLoadSuccess NOTIFICATION-TYPE cKeyMaterialLoadSuccess NOTIFICATION-TYPE
OBJECTS { cKeyMaterialTableOID } OBJECTS { cKeyMaterialTableOID }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An attempt to load the device with key material, identified "An attempt to load the device with key material, identified
by the table identifier (e.g. cSymmetricKeyTable), has by the table identifier (e.g., cSymmetricKeyTable), has
succeeded. This notification may be sent upon a single succeeded. This notification may be sent upon a single
successful key material load or may be sent upon a series of successful key material load or may be sent upon a series of
successful single key material loads." successful single key material loads."
::= { cKeyManagementNotify 1 } ::= { cKeyManagementNotify 1 }
cKeyMaterialLoadFail NOTIFICATION-TYPE cKeyMaterialLoadFail NOTIFICATION-TYPE
OBJECTS { cKeyMaterialTableOID } OBJECTS { cKeyMaterialTableOID }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An attempt to load the device with key material, identified "An attempt to load the device with key material, identified
by the table identifier (e.g. cSymmetricKeyTable), has by the table identifier (e.g., cSymmetricKeyTable), has
failed." failed."
::= { cKeyManagementNotify 2 } ::= { cKeyManagementNotify 2 }
cKeyMaterialExpiring NOTIFICATION-TYPE cKeyMaterialExpiring NOTIFICATION-TYPE
OBJECTS { OBJECTS {
cKeyMaterialFingerprint, cKeyMaterialFingerprint,
cKeyMaterialTableOID cKeyMaterialTableOID
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 33, line 12 skipping to change at page 33, line 31
"The number of rows in the cSymmetricKeyTable." "The number of rows in the cSymmetricKeyTable."
::= { cSymmetricKeyInfo 1 } ::= { cSymmetricKeyInfo 1 }
cSymmetricKeyTableLastChanged OBJECT-TYPE cSymmetricKeyTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cSymmetricKeyInfo 2 } ::= { cSymmetricKeyInfo 2 }
cSymmetricKeyTable OBJECT-TYPE cSymmetricKeyTable OBJECT-TYPE
SYNTAX SEQUENCE OF CSymmetricKeyEntry SYNTAX SEQUENCE OF CSymmetricKeyEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 34, line 30 skipping to change at page 34, line 49
unlock(2), encrypt(3), decrypt(4), unlock(2), encrypt(3), decrypt(4),
integrity(5), verify(6), keyWrap(7), integrity(5), verify(6), keyWrap(7),
unwrap(8), derive(9), generate(10), unwrap(8), derive(9), generate(10),
sharedSecret(11) } sharedSecret(11) }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The intended usage for the key: One Time Password (OTP), "The intended usage for the key: One Time Password (OTP),
Challenge/Response (CR), Unlock, Encrypt, Decrypt, Challenge/Response (CR), Unlock, Encrypt, Decrypt,
Integrity, Verify, KeyWrap, Unwrap, Derive, Generate, Integrity, Verify, KeyWrap, Unwrap, Derive, Generate,
Shared Secret. Shared Secret. From RFC 6030 section 5.
From RFC 6030 section 5.
OTP: The key is used for One Time Password (OTP) generation. OTP: The key is used for One Time Password (OTP) generation.
CR: The key is used for Challenge/Response purposes. CR: The key is used for Challenge/Response purposes.
Unlock: The key is used for an inverse challenge response in Unlock: The key is used for an inverse challenge response in
the case where a user has locked the device by entering a the case where a user has locked the device by entering a
wrong password too many times (for devices with password wrong password too many times (for devices with password
input capability). input capability).
skipping to change at page 38, line 40 skipping to change at page 39, line 12
"The number of rows in the cAsymKeyTable." "The number of rows in the cAsymKeyTable."
::= { cAsymKeyInfo 1 } ::= { cAsymKeyInfo 1 }
cAsymKeyTableLastChanged OBJECT-TYPE cAsymKeyTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cAsymKeyInfo 2 } ::= { cAsymKeyInfo 2 }
cAsymKeyTable OBJECT-TYPE cAsymKeyTable OBJECT-TYPE
SYNTAX SEQUENCE OF CAsymKeyEntry SYNTAX SEQUENCE OF CAsymKeyEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 39, line 39 skipping to change at page 40, line 10
cAsymKeyExpiryWarning Unsigned32, cAsymKeyExpiryWarning Unsigned32,
cAsymKeySubject OCTET STRING, cAsymKeySubject OCTET STRING,
cAsymKeySubjectType BITS, cAsymKeySubjectType BITS,
cAsymKeySubjectAltName SnmpAdminString, cAsymKeySubjectAltName SnmpAdminString,
cAsymKeyUsage BITS, cAsymKeyUsage BITS,
cAsymKeyClassification BITS, cAsymKeyClassification BITS,
cAsymKeySource OCTET STRING, cAsymKeySource OCTET STRING,
cAsymKeyRowStatus RowStatus, cAsymKeyRowStatus RowStatus,
cAsymKeyVersion INTEGER, cAsymKeyVersion INTEGER,
cAsymKeyRekey TruthValue, cAsymKeyRekey TruthValue,
cAsymKeyType OCTET STRING cAsymKeyType OCTET STRING,
cAsymKeyAutoRekeyEnable TruthValue
} }
cAsymKeyFingerprint OBJECT-TYPE cAsymKeyFingerprint OBJECT-TYPE
SYNTAX SnmpTLSFingerprint SYNTAX SnmpTLSFingerprint
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An inherent identification of the asymmetric key and the "An inherent identification of the asymmetric key and the
primary index to the cAsymKeyTable." primary index to the cAsymKeyTable."
::= { cAsymKeyEntry 1 } ::= { cAsymKeyEntry 1 }
skipping to change at page 40, line 23 skipping to change at page 40, line 43
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The unique positive integer assigned to the Asymmetric "The unique positive integer assigned to the Asymmetric
Key. For Public Key Certificate (PKC) this serial number is Key. For Public Key Certificate (PKC) this serial number is
assigned by the Certification Authority (CA). The value is assigned by the Certification Authority (CA). The value is
this column can be up to 20 bytes long per Section this column can be up to 20 bytes long per Section
'4.1.2.2. Serial Number' of RFC 5280. Other types of Key '4.1.2.2. Serial Number' of RFC 5280. Other types of Key
Material may have different serial number format as defined Material may have different serial number format as defined
by the issuer (e.g. a Key Material ID)." by the issuer (e.g., a Key Material ID)."
::= { cAsymKeyEntry 3 } ::= { cAsymKeyEntry 3 }
cAsymKeyIssuer OBJECT-TYPE cAsymKeyIssuer OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The issuer of this key material. For Public Key "The issuer of this key material. For Public Key
Certificates, this is the distinguished name (DN) of the Certificates, this is the distinguished name (DN) of the
entity that has signed and issued the Public Key entity that has signed and issued the Public Key
skipping to change at page 40, line 45 skipping to change at page 41, line 17
class of device and will reference the Key Management class of device and will reference the Key Management
System that delivers the key material for that device." System that delivers the key material for that device."
::= { cAsymKeyEntry 4 } ::= { cAsymKeyEntry 4 }
cAsymKeySignatureAlgorithm OBJECT-TYPE cAsymKeySignatureAlgorithm OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Signature algorithm used by a Certification Authority to "Signature algorithm used by a Certification Authority to
sign this asymmetric key material (e.g. X.509 Certificate). sign this asymmetric key material (e.g., X.509
If no signature/signature algorithm is provided/used, this Certificate). If no signature/signature algorithm is
column would not exist. provided/used, this column would not exist.
Note, this is a free form OCTET STRING column, meaning Note, this is a free form OCTET STRING column, meaning
implementations may utilize a standardized definition of implementations may utilize a standardized definition of
string values or use a proprietary definition of string string values or use a proprietary definition of string
values for supported signature algorithms." values for supported signature algorithms."
::= { cAsymKeyEntry 5 } ::= { cAsymKeyEntry 5 }
cAsymKeyPublicKeyAlgorithm OBJECT-TYPE cAsymKeyPublicKeyAlgorithm OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Public key algorithm with which the public key is used (as "Public key algorithm with which the public key is used (as
associated with the asymmetric key material (e.g. X.509 associated with the asymmetric key material (e.g., X.509
Certificate)). Certificate)).
Note, this is a free form OCTET STRING column, meaning Note, this is a free form OCTET STRING column, meaning
implementations may utilize a standardized definition of implementations may utilize a standardized definition of
string values or use a proprietary definition of string string values or use a proprietary definition of string
values for supported public key algorithms." values for supported public key algorithms."
::= { cAsymKeyEntry 6 } ::= { cAsymKeyEntry 6 }
cAsymKeyEffectiveDate OBJECT-TYPE cAsymKeyEffectiveDate OBJECT-TYPE
SYNTAX DateAndTime SYNTAX DateAndTime
skipping to change at page 42, line 47 skipping to change at page 43, line 18
Bit value translation: Bit value translation:
1000 0000 = other 1000 0000 = other
0100 0000 = certificationAuthority 0100 0000 = certificationAuthority
0010 0000 = crlIssuer 0010 0000 = crlIssuer
For non-X.509 based key material, or when this object does For non-X.509 based key material, or when this object does
not apply for the key material, this column will not not apply for the key material, this column will not
exist." exist."
::= { cAsymKeyEntry 11 } ::= { cAsymKeyEntry 11 }
cAsymKeySubjectAltName OBJECT-TYPE cAsymKeySubjectAltName OBJECT-TYPE
SYNTAXSnmpAdminString (SIZE(1..32)) SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A reference string that points to a set of Certificate "A reference string that points to a set of Certificate
Subject Alternative Subject Names in the Subject Alternative Subject Names in the
cCertSubAltNameTable. cCertSubAltNameTable.
This column should contain an empty string if the This column should contain an empty string if the
Certificate has no associating Subject Alternative Names. Certificate has no associating Subject Alternative Names.
skipping to change at page 43, line 31 skipping to change at page 43, line 51
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Provides the intended type of usage for the Asymmetric "Provides the intended type of usage for the Asymmetric
Key. The following types are supported (defined in Section Key. The following types are supported (defined in Section
4.2.1.3 Key Usage of RFC 5280 for PKC): 4.2.1.3 Key Usage of RFC 5280 for PKC):
other(0), digitalSignature(1), nonRepudiation(2), other(0), digitalSignature(1), nonRepudiation(2),
keyEncipherment(3), dataEncipherment(4), keyAgreement(5), keyEncipherment(3), dataEncipherment(4), keyAgreement(5),
keyCertSign(6), cRLSign(7), encipherOnly(8), and keyCertSign(6), cRLSign(7), encipherOnly(8), and
decipherOnly(9) decipherOnly(9)
Bit value translation: Bit value translation:
1000 0000 0000 0000 = other, 1000 0000 0000 0000 = other
0100 0000 0000 0000 = digitalSignature, 0100 0000 0000 0000 = digitalSignature
0010 0000 0000 0000 = nonRepudiation, 0010 0000 0000 0000 = nonRepudiation
0001 0000 0000 0000 = keyEncipherment, 0001 0000 0000 0000 = keyEncipherment
0000 1000 0000 0000 = dataEncipherment, 0000 1000 0000 0000 = dataEncipherment
0000 0100 0000 0000 = keyAgreement, 0000 0100 0000 0000 = keyAgreement
0000 0010 0000 0000 = keyCertSign, 0000 0010 0000 0000 = keyCertSign
0000 0001 0000 0000 = cRLSign, 0000 0001 0000 0000 = cRLSign
0000 0000 1000 0000 = encipherOnly, 0000 0000 1000 0000 = encipherOnly
0000 0000 0100 0000 = decipherOnly. 0000 0000 0100 0000 = decipherOnly
Devices using asymmetric key material not adhering to RFC Devices using asymmetric key material not adhering to RFC
5280 (X.509 format) may still use an applicable value for 5280 (X.509 format) may still use an applicable value for
the Usage, or may use 'other'." the Usage, or may use 'other'."
::= { cAsymKeyEntry 13 } ::= { cAsymKeyEntry 13 }
cAsymKeyClassification OBJECT-TYPE cAsymKeyClassification OBJECT-TYPE
SYNTAX BITS { unclassified(0), restricted(1), SYNTAX BITS { unclassified(0), restricted(1),
confidential(2), secret(3), topSecret(4) } confidential(2), secret(3), topSecret(4) }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
skipping to change at page 45, line 41 skipping to change at page 46, line 12
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This column describes the type of asymmetric key material. "This column describes the type of asymmetric key material.
Note, this is a free form OCTET STRING column. Note, this is a free form OCTET STRING column.
Implementations are expected to utilize definition of string Implementations are expected to utilize definition of string
values that apply to their specific nomenclature supported. values that apply to their specific nomenclature supported.
If no such nomenclature exists, this column should not be If no such nomenclature exists, this column should not be
populated or be set to an empty string (i.e. '')." populated or be set to an empty string (i.e., '')."
::= { cAsymKeyEntry 19 } ::= { cAsymKeyEntry 19 }
cAsymKeyAutoRekeyEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Controls the automatic rekey settings for this PKC.
[true] Enables automatic rekey.
[false] Disables automatic rekey.
This column is optional to support."
DEFVAL { false }
::= { cAsymKeyEntry 20 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cTrustAnchorTable -- CC MIB cTrustAnchorTable
-- ***************************************************************** -- *****************************************************************
cTrustAnchorTableCount OBJECT-TYPE cTrustAnchorTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cTrustAnchorTable." "The number of rows in the cTrustAnchorTable."
::= { cTrustAnchorInfo 1 } ::= { cTrustAnchorInfo 1 }
cTrustAnchorTableLastChanged OBJECT-TYPE cTrustAnchorTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cTrustAnchorInfo 2 } ::= { cTrustAnchorInfo 2 }
cTrustAnchorTable OBJECT-TYPE cTrustAnchorTable OBJECT-TYPE
SYNTAX SEQUENCE OF CTrustAnchorEntry SYNTAX SEQUENCE OF CTrustAnchorEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 46, line 50 skipping to change at page 47, line 36
::= { cTrustAnchorTable 1 } ::= { cTrustAnchorTable 1 }
CTrustAnchorEntry ::= SEQUENCE { CTrustAnchorEntry ::= SEQUENCE {
cTrustAnchorFingerprint SnmpTLSFingerprint, cTrustAnchorFingerprint SnmpTLSFingerprint,
cTrustAnchorFormatType INTEGER, cTrustAnchorFormatType INTEGER,
cTrustAnchorName OCTET STRING, cTrustAnchorName OCTET STRING,
cTrustAnchorUsageType INTEGER, cTrustAnchorUsageType INTEGER,
cTrustAnchorKeyIdentifier OCTET STRING, cTrustAnchorKeyIdentifier OCTET STRING,
cTrustAnchorPublicKeyAlgorithm OCTET STRING, cTrustAnchorPublicKeyAlgorithm OCTET STRING,
cTrustAnchorContingencyAvail TruthValue, cTrustAnchorContingencyAvail TruthValue,
cTrustAnchorRowStatus RowStatus cTrustAnchorRowStatus RowStatus,
cTrustAnchorVersion OCTET STRING
} }
cTrustAnchorFingerprint OBJECT-TYPE cTrustAnchorFingerprint OBJECT-TYPE
SYNTAX SnmpTLSFingerprint SYNTAX SnmpTLSFingerprint
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An inherent identification of the trust anchor and the "An inherent identification of the trust anchor and the
primary index to the cTrustAnchorTable." primary index to the cTrustAnchorTable."
::= { cTrustAnchorEntry 1 } ::= { cTrustAnchorEntry 1 }
cTrustAnchorFormatType OBJECT-TYPE cTrustAnchorFormatType OBJECT-TYPE
skipping to change at page 49, line 6 skipping to change at page 49, line 42
reference(s) to this object, upon setting this RowStatus to reference(s) to this object, upon setting this RowStatus to
destroy, should be destroyed as well. destroy, should be destroyed as well.
At a minimum, implementations must support active and At a minimum, implementations must support active and
destroy management functions. Support for notInService and destroy management functions. Support for notInService and
notReady management functions is optional. Implementations notReady management functions is optional. Implementations
must not support createAndWait and createAndGo management must not support createAndWait and createAndGo management
functions for this object. functions for this object.
Some implementations may restrict the deletion of Trust Some implementations may restrict the deletion of Trust
Anchors to specific protocols (e.g. TAMP)." Anchors to specific protocols (e.g., TAMP)."
::= { cTrustAnchorEntry 8 } ::= { cTrustAnchorEntry 8 }
cTrustAnchorVersion OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The version of the Trust Anchor."
::= { cTrustAnchorEntry 9 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cCKLTable -- CC MIB cCKLTable
-- ***************************************************************** -- *****************************************************************
cCKLTableCount OBJECT-TYPE cCKLTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cCKLTable." "The number of rows in the cCKLTable."
::= { cCKLInfo 1 } ::= { cCKLInfo 1 }
cCKLLastChanged OBJECT-TYPE cCKLLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCKLInfo 2 } ::= { cCKLInfo 2 }
cCKLTable OBJECT-TYPE cCKLTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCKLEntry SYNTAX SEQUENCE OF CCKLEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 52, line 40 skipping to change at page 53, line 34
"The number of rows in the cCDMStoreTable." "The number of rows in the cCDMStoreTable."
::= { cCDMStoreInfo 1 } ::= { cCDMStoreInfo 1 }
cCDMStoreTableLastChanged OBJECT-TYPE cCDMStoreTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCDMStoreInfo 2 } ::= { cCDMStoreInfo 2 }
cCDMStoreTable OBJECT-TYPE cCDMStoreTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCDMStoreEntry SYNTAX SEQUENCE OF CCDMStoreEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 53, line 45 skipping to change at page 54, line 39
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A numeric index that identifies a unique location in this "A numeric index that identifies a unique location in this
table." table."
::= { cCDMStoreEntry 1 } ::= { cCDMStoreEntry 1 }
cCDMStoreType OBJECT-TYPE cCDMStoreType OBJECT-TYPE
SYNTAX INTEGER { symKey(1), asymKey(2), trustAnchor(3), SYNTAX INTEGER { symKey(1), asymKey(2), trustAnchor(3),
crl(4), ckl(5), firmware(6), crl(4), ckl(5), firmware(6),
storeAndForwardWrappedPkg(7) } storeAndForwardWrappedPkg(7),
storeAndForwardPkg(8) }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The type of Crypto Device Material (CDM) populated in this "The type of Crypto Device Material (CDM) populated in this
row. row.
(1) symKey - This row contains information about a stored (1) symKey - This row contains information about a stored
symmetric key. symmetric key.
(2) asymKey - This row contains information about a stored (2) asymKey - This row contains information about a stored
asymmetric key. asymmetric key.
(3) trustAnchor - This row contains information about a (3) trustAnchor - This row contains information about a
stored Trust Anchor (TA). stored Trust Anchor (TA).
(4) crl - This row contains information about a stored (4) crl - This row contains information about a stored
Certificate Revocation List (CRL). Certificate Revocation List (CRL).
(5) ckl - This row contains information about a stored (5) ckl - This row contains information about a stored
Compromised Key List (CKL). Compromised Key List (CKL).
(6) firmware - This row contains information about stored (6) firmware - This row contains information about stored
firmware. firmware.
(7) storeAndForwardWrappedPkg - This row contains (7) storeAndForwardWrappedPkg - This row contains
information about a stored encrypted wrapped package, information about a stored encrypted wrapped package,
typically meant to be forwarded to another device." typically meant to be forwarded to another device.
(8) storeAndForwardPkg - This row contains information
about a stored unencrypted, typically meant to be
forwarded to another device."
::= { cCDMStoreEntry 2 } ::= { cCDMStoreEntry 2 }
cCDMStoreSource OBJECT-TYPE cCDMStoreSource OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An administrative name that identifies the source of this "An administrative name that identifies the source of this
Crypto Device Material (CDM). This could be the URI used Crypto Device Material (CDM). This could be the URI used
when downloaded from the Secure Object Management System when downloaded from the Secure Object Management System
skipping to change at page 55, line 6 skipping to change at page 56, line 4
::= { cCDMStoreEntry 4 } ::= { cCDMStoreEntry 4 }
cCDMStoreFriendlyName OBJECT-TYPE cCDMStoreFriendlyName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A human readable label of this Crypto Device Material (CDM) "A human readable label of this Crypto Device Material (CDM)
for easier reference. It is used only for helpful or for easier reference. It is used only for helpful or
informational purposes." informational purposes."
::= { cCDMStoreEntry 5 } ::= { cCDMStoreEntry 5 }
cCDMStoreControl OBJECT-TYPE cCDMStoreControl OBJECT-TYPE
SYNTAX INTEGER { readyForInstall(1), install(2), SYNTAX INTEGER { readyForInstall(1), install(2),
installAndDiscard(3) } installAndDiscard(3), other (4) }
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A means to control what happens to the Crypto Device "A means to control what happens to the Crypto Device
Material (CDM) stored in this table. Material (CDM) stored in this table.
(1) readyForInstall - The CDM is ready for installation. (1) readyForInstall - The CDM is ready for installation.
(2) install - The CDM will be installed in the appropriate (2) install - The CDM will be installed in the appropriate
table based on the cCDMStoreType. table based on the cCDMStoreType.
(3) installAndDiscard - The CDM will be installed in the (3) installAndDiscard - The CDM will be installed in the
appropriate table based on the cCDMStoreType and appropriate table based on the cCDMStoreType and
discarded from this table after the install operation is discarded from this table after the install operation is
complete. complete.
(4) other - The CDM will be processed based on family
extension specific action.
Note, setting the cCDMStoreRowStatus object to 'destroy' Note, setting the cCDMStoreRowStatus object to 'destroy'
will discard the CDM." will discard the CDM."
::= { cCDMStoreEntry 6 } ::= { cCDMStoreEntry 6 }
cCDMStoreRowStatus OBJECT-TYPE cCDMStoreRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 56, line 14 skipping to change at page 57, line 14
"The number of rows in the cCertSubAltNameTable." "The number of rows in the cCertSubAltNameTable."
::= { cCertSubAltNameInfo 1 } ::= { cCertSubAltNameInfo 1 }
cCertSubAltNameTableLastChanged OBJECT-TYPE cCertSubAltNameTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCertSubAltNameInfo 2 } ::= { cCertSubAltNameInfo 2 }
cCertSubAltNameTable OBJECT-TYPE cCertSubAltNameTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCertSubAltNameTableEntry SYNTAX SEQUENCE OF CCertSubAltNameTableEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 59, line 26 skipping to change at page 60, line 22
"The number of rows in the cCertPathCtrlsTable." "The number of rows in the cCertPathCtrlsTable."
::= { cCertPathCtrlsInfo 1 } ::= { cCertPathCtrlsInfo 1 }
cCertPathCtrlsTableLastChanged OBJECT-TYPE cCertPathCtrlsTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCertPathCtrlsInfo 2 } ::= { cCertPathCtrlsInfo 2 }
cCertPathCtrlsTable OBJECT-TYPE cCertPathCtrlsTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCertPathCtrlsEntry SYNTAX SEQUENCE OF CCertPathCtrlsEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 61, line 5 skipping to change at page 61, line 51
When this object does not apply for the key material, this When this object does not apply for the key material, this
column will not exist." column will not exist."
::= { cCertPathCtrlsEntry 3 } ::= { cCertPathCtrlsEntry 3 }
cCertPathCtrlsPolicyMappings OBJECT-TYPE cCertPathCtrlsPolicyMappings OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"For a Certificate Authority (CA) certificate, this "For a Certification Authority (CA) certificate, this
indicates a grouping of policy mappings between a indicates a grouping of policy mappings between a
certificate issuer CA domain policy and a domain policy of certificate issuer CA domain policy and a domain policy of
the subject certificate CA. The value of this column the subject certificate CA. The value of this column
corresponds to the cPolicyMappingGroup column of the corresponds to the cPolicyMappingGroup column of the
cPolicyMappingTable. cPolicyMappingTable.
For non-X.509 based key material, or when this object does For non-X.509 based key material, or when this object does
not apply for the key material, this column will not exist." not apply for the key material, this column will not exist."
::= { cCertPathCtrlsEntry 4 } ::= { cCertPathCtrlsEntry 4 }
skipping to change at page 63, line 7 skipping to change at page 64, line 5
"The number of rows in the cCertPolicyTable." "The number of rows in the cCertPolicyTable."
::= { cCertPolicyInfo 1 } ::= { cCertPolicyInfo 1 }
cCertPolicyTableLastChanged OBJECT-TYPE cCertPolicyTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCertPolicyInfo 2 } ::= { cCertPolicyInfo 2 }
cCertPolicyTable OBJECT-TYPE cCertPolicyTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCertPolicyEntry SYNTAX SEQUENCE OF CCertPolicyEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The table containing certificate policy information to be "The table containing certificate policy information to be
provided as input to the certificate path validation provided as input to the certificate path validation
algorithm. For an end entity certificate, this information algorithm. For an end entity certificate, this information
indicates under which policy this certificate has been indicates under which policy this certificate has been
issued and the purposes for which the certificate may be issued and the purposes for which the certificate may be
used. For a Certificate Authority (CA) certificate, this used. For a Certification Authority (CA) certificate, this
information limits the set of policies for certification information limits the set of policies for certification
paths that include this certificate." paths that include this certificate."
::= { cCertPolicyInfo 3 } ::= { cCertPolicyInfo 3 }
cCertPolicyEntry OBJECT-TYPE cCertPolicyEntry OBJECT-TYPE
SYNTAX CCertPolicyEntry SYNTAX CCertPolicyEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing information about a certificate policy." "A row containing information about a certificate policy."
skipping to change at page 64, line 29 skipping to change at page 65, line 27
and qualifier set is defined." and qualifier set is defined."
::= { cCertPolicyEntry 2 } ::= { cCertPolicyEntry 2 }
cCertPolicyIdentifier OBJECT-TYPE cCertPolicyIdentifier OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"For end entity certificates, this is an identifier for the "For end entity certificates, this is an identifier for the
policy under which the certificate has been issued. For policy under which the certificate has been issued. For
Certificate Authority (CA) certificates, this is an Certification Authority (CA) certificates, this is an
identifier for a certification path policy that includes identifier for a certification path policy that includes
this certificate." this certificate."
::= { cCertPolicyEntry 3 } ::= { cCertPolicyEntry 3 }
cCertPolicyQualifierID OBJECT-TYPE cCertPolicyQualifierID OBJECT-TYPE
SYNTAX INTEGER { cpsPointer(0), userNotice(1) } SYNTAX INTEGER { cpsPointer(0), userNotice(1) }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates the type of qualifier per RFC 5280, "Indicates the type of qualifier per RFC 5280,
skipping to change at page 65, line 24 skipping to change at page 66, line 21
"The number of rows in the cPolicyMappingTable." "The number of rows in the cPolicyMappingTable."
::= { cPolicyMappingInfo 1 } ::= { cPolicyMappingInfo 1 }
cPolicyMappingTableLastChanged OBJECT-TYPE cPolicyMappingTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g., via an HMI). Managers can use this object to ensure
(e.g. via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cPolicyMappingInfo 2 } ::= { cPolicyMappingInfo 2 }
cPolicyMappingTable OBJECT-TYPE cPolicyMappingTable OBJECT-TYPE
SYNTAX SEQUENCE OF CPolicyMappingEntry SYNTAX SEQUENCE OF CPolicyMappingEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The table listing mappings between policies that a "The table listing mappings between policies that a
certificate issuing Certificate Authority (CA) considers as certificate issuing Certification Authority (CA) considers
equivalent or comparable to the domain policies of the as equivalent or comparable to the domain policies of the
subject certificate CA." subject certificate's CA."
::= { cPolicyMappingInfo 3 } ::= { cPolicyMappingInfo 3 }
cPolicyMappingEntry OBJECT-TYPE cPolicyMappingEntry OBJECT-TYPE
SYNTAX CPolicyMappingEntry SYNTAX CPolicyMappingEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing a mapping between the domain policy of an "A row containing a mapping between the domain policy of an
issuing Certificate Authority (CA) and an equivalent domain issuing Certification Authority (CA) and an equivalent
policy of the subject certificate's CA." domain policy of the subject certificate's CA."
INDEX { cPolicyMappingGroup, cPolicyMappingIndex } INDEX { cPolicyMappingGroup, cPolicyMappingIndex }
::= { cPolicyMappingTable 1 } ::= { cPolicyMappingTable 1 }
CPolicyMappingEntry ::= SEQUENCE { CPolicyMappingEntry ::= SEQUENCE {
cPolicyMappingGroup OCTET STRING, cPolicyMappingGroup OCTET STRING,
cPolicyMappingIndex Unsigned32, cPolicyMappingIndex Unsigned32,
cPolicyMappingSubjectPolicy OBJECT IDENTIFIER, cPolicyMappingSubjectPolicy OBJECT IDENTIFIER,
cPolicyMappingIssuerPolicy OBJECT IDENTIFIER cPolicyMappingIssuerPolicy OBJECT IDENTIFIER
} }
skipping to change at page 66, line 38 skipping to change at page 67, line 35
"A numerical index that is unique for a specific "A numerical index that is unique for a specific
cPolicyMappingGroup value. When used in conjunction with cPolicyMappingGroup value. When used in conjunction with
cPolicyMappingGroup, a unique policy mapping is defined." cPolicyMappingGroup, a unique policy mapping is defined."
::= { cPolicyMappingEntry 2 } ::= { cPolicyMappingEntry 2 }
cPolicyMappingSubjectPolicy OBJECT-TYPE cPolicyMappingSubjectPolicy OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates the subject Certificate Authority's domain "Indicates the subject Certification Authority's domain
policy." policy."
::= { cPolicyMappingEntry 3 } ::= { cPolicyMappingEntry 3 }
cPolicyMappingIssuerPolicy OBJECT-TYPE cPolicyMappingIssuerPolicy OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates the issuer domain policy that the issuer "Indicates the issuer domain policy that the issuer
Certificate Authority (CA) considers equivalent to the Certification Authority (CA) considers equivalent to the
subject CA domain policy." subject CA domain policy."
::= { cPolicyMappingEntry 4 } ::= { cPolicyMappingEntry 4 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cNameConstraintTable -- CC MIB cNameConstraintTable
-- ***************************************************************** -- *****************************************************************
cNameConstraintTableCount OBJECT-TYPE cNameConstraintTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cNameConstraintTable." "The number of rows in the cNameConstraintTable."
::= { cNameConstraintInfo 1 } ::= { cNameConstraintInfo 1 }
cNameConstraintTableLastChanged OBJECT-TYPE cNameConstraintTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cNameConstraintInfo 2 } ::= { cNameConstraintInfo 2 }
cNameConstraintTable OBJECT-TYPE cNameConstraintTable OBJECT-TYPE
SYNTAX SEQUENCE OF CNameConstraintEntry SYNTAX SEQUENCE OF CNameConstraintEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 68, line 42 skipping to change at page 69, line 38
cNameConstraintBaseName OBJECT-TYPE cNameConstraintBaseName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The distinguished name of the subject that is permitted or "The distinguished name of the subject that is permitted or
excluded." excluded."
::= { cNameConstraintEntry 3 } ::= { cNameConstraintEntry 3 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cRemoteKeyMaterialTable
-- *****************************************************************
cRemoteKeyMaterialTableCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of rows in the cRemoteKeyMaterialTable."
::= { cRemoteKeyMaterialInfo 1 }
cRemoteKeyMaterialTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The last time any entry in the table was modified,
created, or deleted by either SNMP, agent, or other
management method (e.g., via an HMI) Managers can use this
object to ensure that no changes to configuration of this
table have happened since the last time it examined the
table. A value of 0 indicates that no entry has been
changed since the agent initialized. The value in
CC-DEVICE-INFO-MIB cSystemUpTime should be used to populate
this column."
::= { cRemoteKeyMaterialInfo 2 }
cRemoteKeyMaterialTable OBJECT-TYPE
SYNTAX SEQUENCE OF CRemoteKeyMaterialTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table containing remote key material information -
namely, key material used to help establish the secure
connection."
::= { cRemoteKeyMaterialInfo 3 }
cRemoteKeyMaterialTableEntry OBJECT-TYPE
SYNTAX CRemoteKeyMaterialTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row describing the remote key material information used
to establish the secure connection."
INDEX { cRemoteKeyMaterialID }
::= { cRemoteKeyMaterialTable 1 }
CRemoteKeyMaterialTableEntry ::= SEQUENCE {
cRemoteKeyMaterialID OCTET STRING,
cRemoteKeyMatFriendlyName SnmpAdminString,
cRemoteKeyMatSerialNumber OCTET STRING,
cRemoteKeyMaterialKeyType OCTET STRING,
cRemoteKeyMatExpirationDate DateAndTime,
cRemoteKeyMatClassification BITS
}
cRemoteKeyMaterialID OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Represents a unique identifier assigned to this key
material. This would typically be an identifier inherent to
the key material, such as a serial number or other form of
identifier derived from a tag or other key wrapper. This
object differs from cRemoteKeyMatFriendlyName which is a
user-defined ID."
::= { cRemoteKeyMaterialTableEntry 1 }
cRemoteKeyMatFriendlyName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A human readable label of the key for easier reference. It
is used only for helpful or informational purposes."
::= { cRemoteKeyMaterialTableEntry 2 }
cRemoteKeyMatSerialNumber OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The unique positive integer assigned to the remote key
material. Note, this information may not be available in
some key material types."
::= { cRemoteKeyMaterialTableEntry 3 }
cRemoteKeyMaterialKeyType OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This column describes the type of remote key material.
Note, this is a free form OCTET STRING column.
Implementations are expected to utilize definition of
string values that apply to their specific nomenclature
supported. If no such nomenclature exists, this column
should not be populated or be set to an empty string
(i.e., '')."
::= { cRemoteKeyMaterialTableEntry 4 }
cRemoteKeyMatExpirationDate OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The expiration date of the key."
::= { cRemoteKeyMaterialTableEntry 5 }
cRemoteKeyMatClassification OBJECT-TYPE
SYNTAX BITS { unclassified(0), restricted(1),
confidential(2), secret(3), topSecret(4) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The classification of the key.
Bit value translation:
1000 0000 = unclassified
0100 0000 = restricted
0010 0000 = confidential
0001 0000 = secret
0000 1000 = topSecret
This column does not exist for devices that do not have
the concept of classification."
::= { cRemoteKeyMaterialTableEntry 6 }
-- *****************************************************************
-- Module Conformance Information -- Module Conformance Information
-- ***************************************************************** -- *****************************************************************
cKeyManagementCompliances OBJECT IDENTIFIER cKeyManagementCompliances OBJECT IDENTIFIER
::= { cKeyManagementConformance 1} ::= { cKeyManagementConformance 1}
cKeyManagementGroups OBJECT IDENTIFIER cKeyManagementGroups OBJECT IDENTIFIER
::= { cKeyManagementConformance 2} ::= { cKeyManagementConformance 2}
cKeyManSymKeyCompliance MODULE-COMPLIANCE cKeyManSymKeyCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Compliance levels for symmetric key information." "Compliance levels for symmetric key information."
MODULE MODULE
MANDATORY-GROUPS { cKeyManSymKeyGroup } MANDATORY-GROUPS { cKeyManSymKeyGroup, cKeyManRemoteKeyGroup }
GROUP cKeyManSymKeyNotifyScalars GROUP cKeyManSymKeyNotifyScalars
DESCRIPTION DESCRIPTION
"This symmetric key notification scalar group is optional "This symmetric key notification scalar group is optional
for implementation." for implementation."
GROUP cKeyManSymKeyNotifyGroup GROUP cKeyManSymKeyNotifyGroup
DESCRIPTION DESCRIPTION
"This notification group is optional for implementation." "This notification group is optional for implementation."
::= { cKeyManagementCompliances 1 } ::= { cKeyManagementCompliances 1 }
cKeyManAsymKeyCompliance MODULE-COMPLIANCE cKeyManAsymKeyCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Compliance levels for asymmetric key information." "Compliance levels for asymmetric key information."
MODULE MODULE
MANDATORY-GROUPS { cKeyManAsymKeyGroup } MANDATORY-GROUPS { cKeyManAsymKeyGroup, cKeyManRemoteKeyGroup }
GROUP cKeyManCertSubAltNameGroup GROUP cKeyManCertSubAltNameGroup
DESCRIPTION DESCRIPTION
"Certificate Subject Alternative Name group is optional for "Certificate Subject Alternative Name group is optional for
implementation." implementation."
GROUP cKeyManCertPathCtrlsGroup GROUP cKeyManCertPathCtrlsGroup
DESCRIPTION DESCRIPTION
"Certificate Path Controls group is optional for "Certificate Path Controls group is optional for
implementation." implementation."
skipping to change at page 72, line 52 skipping to change at page 76, line 34
cAsymKeyExpirationDate, cAsymKeyExpirationDate,
cAsymKeyExpiryWarning, cAsymKeyExpiryWarning,
cAsymKeySubject, cAsymKeySubject,
cAsymKeySubjectType, cAsymKeySubjectType,
cAsymKeyUsage, cAsymKeyUsage,
cAsymKeyClassification, cAsymKeyClassification,
cAsymKeySource, cAsymKeySource,
cAsymKeyRowStatus, cAsymKeyRowStatus,
cAsymKeyVersion, cAsymKeyVersion,
cAsymKeyRekey, cAsymKeyRekey,
cAsymKeyType cAsymKeyType,
cAsymKeyAutoRekeyEnable
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to asymmetric key "This group is composed of objects related to asymmetric key
information." information."
::= { cKeyManagementGroups 2 } ::= { cKeyManagementGroups 2 }
cKeyManCertSubAltNameGroup OBJECT-GROUP cKeyManCertSubAltNameGroup OBJECT-GROUP
OBJECTS { OBJECTS {
cAsymKeySubjectAltName, cAsymKeySubjectAltName,
skipping to change at page 74, line 49 skipping to change at page 78, line 32
cZeroizeTrustAnchorTable, cZeroizeTrustAnchorTable,
cTrustAnchorTableCount, cTrustAnchorTableCount,
cTrustAnchorTableLastChanged, cTrustAnchorTableLastChanged,
cTrustAnchorFingerprint, cTrustAnchorFingerprint,
cTrustAnchorFormatType, cTrustAnchorFormatType,
cTrustAnchorName, cTrustAnchorName,
cTrustAnchorUsageType, cTrustAnchorUsageType,
cTrustAnchorKeyIdentifier, cTrustAnchorKeyIdentifier,
cTrustAnchorPublicKeyAlgorithm, cTrustAnchorPublicKeyAlgorithm,
cTrustAnchorContingencyAvail, cTrustAnchorContingencyAvail,
cTrustAnchorRowStatus cTrustAnchorRowStatus,
cTrustAnchorVersion
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to trust anchor "This group is composed of objects related to trust anchor
information." information."
::= { cKeyManagementGroups 8 } ::= { cKeyManagementGroups 8 }
cKeyManCKLGroup OBJECT-GROUP cKeyManCKLGroup OBJECT-GROUP
OBJECTS { OBJECTS {
cCKLTableCount, cCKLTableCount,
skipping to change at page 77, line 41 skipping to change at page 81, line 23
NOTIFICATIONS { NOTIFICATIONS {
cCDMAdded, cCDMAdded,
cCDMDeleted cCDMDeleted
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to Crypto "This group is composed of notifications related to Crypto
Device Material store information." Device Material store information."
::= { cKeyManagementGroups 17 } ::= { cKeyManagementGroups 17 }
cKeyManRemoteKeyGroup OBJECT-GROUP
OBJECTS {
cRemoteKeyMaterialTableCount,
cRemoteKeyMaterialTableLastChanged,
cRemoteKeyMatFriendlyName,
cRemoteKeyMatSerialNumber,
cRemoteKeyMaterialKeyType,
cRemoteKeyMatExpirationDate,
cRemoteKeyMatClassification
}
STATUS current
DESCRIPTION
"This group is composed of objects related to remote key
information."
::= { cKeyManagementGroups 18 }
END END
5.6. Key Transfer Pull 5.5. Key Transfer Pull
This MIB module makes reference to the following documents: This MIB module makes reference to the following documents:
[RFC2578], [RFC2579], [RFC2580], and [RFC3411]. [RFC2578], [RFC2579], [RFC2580], and [RFC3411].
CC-KEY-TRANSFER-PULL-MIB DEFINITIONS ::= BEGIN CC-KEY-TRANSFER-PULL-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccKeyTransferPull ccKeyTransferPull
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM Sec 5.2
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
RowStatus, TimeStamp RowStatus, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccKeyTransferPullMIB MODULE-IDENTITY ccKeyTransferPullMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "201609302154Z"
ORGANIZATION "IETF" ORGANIZATION "CCMIB CCB"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "CC MIB Configuration Control Board
US Navy Email: CCMIB.CCB@us.af.mil"
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner
sn3rd
Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Key Transfer Pull objects. "This MIB defines the CC MIB Key Transfer Pull objects.
Copyright (c) 2017 IETF Trust and the persons Copyright (c) 2019 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "201609302154Z"
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION "CC MIB 1.0.5 FINAL. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { 1 } ::= { ccKeyTransferPull 1 }
-- ***************************************************************** -- *****************************************************************
-- Key Transfer Pull Information Segments -- Key Transfer Pull Information Segments
-- ***************************************************************** -- *****************************************************************
cKeyTransferPullConformance OBJECT IDENTIFIER cKeyTransferPullConformance OBJECT IDENTIFIER
::= { ccKeyTransferPullMIB 1 } ::= { ccKeyTransferPullMIB 1 }
cKeyTransferPullScalars OBJECT IDENTIFIER cKeyTransferPullScalars OBJECT IDENTIFIER
::= { ccKeyTransferPullMIB 2 } ::= { ccKeyTransferPullMIB 2 }
cKeyTransferPullNotify OBJECT IDENTIFIER cKeyTransferPullNotify OBJECT IDENTIFIER
::= { ccKeyTransferPullMIB 3 } ::= { ccKeyTransferPullMIB 3 }
cSOMSServerInfo OBJECT IDENTIFIER cCDMServerInfo OBJECT IDENTIFIER
::= { ccKeyTransferPullMIB 4 } ::= { ccKeyTransferPullMIB 4 }
cCDMDeliveryInfo OBJECT IDENTIFIER cCDMDeliveryInfo OBJECT IDENTIFIER
::= { ccKeyTransferPullMIB 5 } ::= { ccKeyTransferPullMIB 5 }
-- ***************************************************************** -- *****************************************************************
-- Key Transfer Pull Scalars -- Key Transfer Pull Scalars
-- ***************************************************************** -- *****************************************************************
cSOMSServerRetryDelay OBJECT-TYPE cCDMServerRetryDelay OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The amount of time to wait after a download attempt to the "The amount of time to wait after a download attempt to the
Secure Object Management System (SOMS) server fails before Cryptographic Device Material (CDM) server fails before
attempting to retry the operation. Note, this scalar applies attempting to retry the operation. Note, this scalar applies
to the download of any type of item from the SOMS server to the download of any type of item from the CDM server
(e.g. CDMs, PALs)." (e.g., CDMs, CDMLs)."
::= { cKeyTransferPullScalars 1 } ::= { cKeyTransferPullScalars 1 }
cSOMSServerRetryMaxAttempts OBJECT-TYPE cCDMServerRetryMaxAttempts OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The amount of retries attempted before the download attempt "The amount of retries attempted before the download attempt
to the Secure Object Management System (SOMS) server is to the Cryptographic Device Material (CDM) server is
considered a failure. Note, this scalar applies to the considered a failure. Note, this scalar applies to the
download of any type of item from the SOMS server (e.g. download of any type of item from the CDM server (e.g.,
CDMs, PALs)." CDMs, CDMLs)."
::= { cKeyTransferPullScalars 2 } ::= { cKeyTransferPullScalars 2 }
cCDMPullRetrievalPriorities OBJECT-TYPE cCDMPullRetrievalPriorities OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An indication of which cryptographic device materials "An indication of which cryptographic device materials
(CDMs) to retrieve based on this value and a configured (CDMs) to retrieve based on this value and a configured
cCDMDeliveryPriority in a cCDMDeliveryTable entry. This cCDMDeliveryPriority in a cCDMDeliveryTable entry. This
value identifies an upper bound. A value of '5' for example, value identifies an upper bound. A value of '5' for example,
implies that only cCDMDeliveryTable entries with a implies that only cCDMDeliveryTable entries with a
cCDMDeliveryPriority value of '5' or less can be acted upon cCDMDeliveryPriority value of '5' or less can be acted upon
(i.e. retrieved). (i.e., retrieved).
Different types of ECUs may have different values for this Different types of ECUs may have different values for this
scalar. Bandwidth-limited ECUs, for example, may configure scalar. Bandwidth-limited ECUs, for example, may configure
lower values for only retrieving high-priority CDMs. lower values for only retrieving high-priority CDMs.
A value of 0, also a default value for this scalar, A value of 0, also a default value for this scalar,
indicates that all cCDMDeliveryTable entries can be acted indicates that all cCDMDeliveryTable entries can be acted
upon regardless of the configured cCDMDeliveryPriority upon regardless of the configured cCDMDeliveryPriority
value." value."
DEFVAL {0} DEFVAL {0}
::= { cKeyTransferPullScalars 3 } ::= { cKeyTransferPullScalars 3 }
cPALDeliveryRequest OBJECT-TYPE cCDMLDeliveryRequest OBJECT-TYPE
SYNTAX INTEGER { readyForDownload(1), downloadAndParse(2), SYNTAX INTEGER { readyForDownload(1), downloadAndParse(2),
discard(3) } discard(3) }
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This scalar controls the server's PAL download process - "This scalar controls the server's CDML download process -
server information is stored in the cSOMSServerTable. When server information is stored in the cCDMServerTable. When
read, it will return 'readyForDownload' if the last action read, it will return 'readyForDownload' if the last action
succeeded. If the last action is in progress or failed, it succeeded. If the last action is in progress or failed, it
will return the last requested action. will return the last requested action.
The values which may be set depend on the current value of The values which may be set depend on the current value of
this object and the cPALDeliveryStatus object. this object and the cCDMLDeliveryStatus object.
In order to initiate a new download, this object must In order to initiate a new download, this object must
contain the value 'readyForDownload', and the contain the value 'readyForDownload', and the
cPALDeliveryStatus must contain the value 'complete'. At cCDMLDeliveryStatus must contain the value 'complete'. At
which point, setting this object to to 'downloadAndParse' which point, setting this object to to 'downloadAndParse'
initiates the PAL download process. Note, the initiates the CDML download process. Note, the
cPALDeliveryStatus should transition to 'inProgress' at cCDMLDeliveryStatus should transition to 'inProgress' at
the device begins the PAL download process from the the device begins the CDML download process from the
server(s) and URI(s) listed in the cSOMSServerTable (as server(s) and URI(s) listed in the cCDMLServerTable (as
ordered by the cSOMSServerPriority index). ordered by the cCDMLServerPriority index).
If the PAL download fails, the next highest priority URI If the CDML download fails, the next highest priority URI
will be tried, and so on. will be tried, and so on.
While a PAL download is in progress, or if the PAL While a CDML download is in progress, or if the CDML
download fails for all possible servers and URIs (indicated download fails for all possible servers and URIs (indicated
by a cPALDeliveryStatus value of 'downloadFailed'), this by a cCDMLDeliveryStatus value of 'downloadFailed'), this
object will return an inconsistentValue error for any new object will return an inconsistentValue error for any new
value except 'discard' (which will cancel the current value except 'discard' (which will cancel the current
download). download).
If the PAL download succeeded, the cPALDeliveryStatus value If the CDML download succeeded, the cCMDLDeliveryStatus
remains inProgress and the device attempts to parse the value remains inProgress and the device attempts to parse
download immediately. During the parsing of the PAL, all the download immediately. During the parsing of the CDML,
new values will return inconsistentValue error (i.e. the all new values will return inconsistentValue error (i.e.,
parse process can not be aborted). If the parse fails, the the parse process can not be aborted). If the parse fails,
cPALDeliveryStatus will transition to 'parseFailed', and the cCDMLDeliveryStatus will transition to 'parseFailed',
this object must be set to 'discard' before a new PAL and this object must be set to 'discard' before a new CDML
download is attempted." download is attempted."
::= { cKeyTransferPullScalars 4 } ::= { cKeyTransferPullScalars 4 }
cPALDeliveryStatus OBJECT-TYPE cCDMLDeliveryStatus OBJECT-TYPE
SYNTAX INTEGER { complete(1), inProgress(2), SYNTAX INTEGER { complete(1), inProgress(2),
downloadFailed(3), downloadFailed(3),
parseFailed(4) } parseFailed(4) }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This indicates the current state of a PAL download. "This indicates the current state of a CDML download.
'complete' indicates that the last requested 'complete' indicates that the last requested
cPALDeliveryRequest action was successful. cCDMLDeliveryRequest action was successful.
'inProgress' indicates that a PAL download or PAL parse is 'inProgress' indicates that a CDML download or CDML parse is
underway. underway.
'downloadFailed' indicates that the last attempted PAL 'downloadFailed' indicates that the last attempted CDML
download failed. download failed.
'parseFailed' indicates that the last attempted PAL parse 'parseFailed' indicates that the last attempted CDML parse
failed. failed.
The relationship between this object and The relationship between this object and
cPALDeliveryRequest is detailed in the following table. The cCDMLDeliveryRequest is detailed in the following table. The
table indicates values of cPALDeliveryRequest that are table indicates values of cCDMLDeliveryRequest that are
allowed depending on the current value of this object. allowed depending on the current value of this object.
cPALDeliveryRequest! cPALDeliveryStatus cCDMLDeliveryRequest! cCDMLDeliveryStatus
--------------------+-----------+----------+--------------+------------ --------------------+-----------+----------+--------------+------------
! ! complete !inProgress!downloadFailed!parseFailed! ! ! complete !inProgress!downloadFailed!parseFailed!
--------------------+-----------+----------+--------------+------------ --------------------+-----------+----------+--------------+------------
! readyForDownload ! allowed ! error ! error ! error ! ! readyForDownload ! allowed ! error ! error ! error !
--------------------+-----------+----------+--------------+------------ --------------------+-----------+----------+--------------+------------
! downloadAndParse ! allowed ! error ! error ! error ! ! downloadAndParse ! allowed ! error ! error ! error !
--------------------+-----------+----------+--------------+------------ --------------------+-----------+----------+--------------+------------
! discard ! error ! allowed ! allowed ! allowed ! ! discard ! error ! allowed ! allowed ! allowed !
--------------------+-----------+----------+--------------+------------ --------------------+-----------+----------+--------------+------------
As described cPALDeliveryRequest description, an As described cCDMLDeliveryRequest description, an
inconsistentValue error is returned." inconsistentValue error is returned."
DEFVAL {complete} DEFVAL { complete }
::= { cKeyTransferPullScalars 5 } ::= { cKeyTransferPullScalars 5 }
-- ***************************************************************** -- *****************************************************************
-- Key Transfer Pull Notifications -- Key Transfer Pull Notifications
-- ***************************************************************** -- *****************************************************************
cPALPullReceiveSuccess NOTIFICATION-TYPE cCDMLPullReceiveSuccess NOTIFICATION-TYPE
OBJECTS { cSOMSServerURI } OBJECTS { cCDMServerURI }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An attempt to receive a Product Availablity List (PAL) has "An attempt to receive a cryptographic device material
succeeded. The Secure Object Management System (SOMS) server list (CDML) succeeded. The CDM server URI is provided with
URI is provided with this notification." this notification."
::= { cKeyTransferPullNotify 1 } ::= { cKeyTransferPullNotify 1 }
cPALPullReceiveFailed NOTIFICATION-TYPE cCDMLPullReceiveFailed NOTIFICATION-TYPE
OBJECTS { OBJECTS {
cSOMSServerURI, cCDMServerURI,
cPALDeliveryStatus cCDMLDeliveryStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An attempt to receive a Product Availability List (PAL) "An attempt to receive a cryptographic device material
has failed. The Secure Object Management System (SOMS) list (CDML) has failed. The CDM server URI and CDML Delivery
server URI and PAL Delivery Status are provided with this Status are provided with this notification. Note, the
notification. Note, the expected values for the PAL expected values for the CDML Delivery Status are:
Delivery Status are: 'downloadFailed' and 'parseFailed'." 'downloadFailed' and 'parseFailed'."
::= { cKeyTransferPullNotify 2 } ::= { cKeyTransferPullNotify 2 }
cCDMPullReceiveSuccess NOTIFICATION-TYPE cCDMPullReceiveSuccess NOTIFICATION-TYPE
OBJECTS { OBJECTS {
cCDMType, cCDMType,
cCDMURI cCDMURI
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An attempt to receive a cryptographic device material (CDM) "An attempt to receive a cryptographic device material (CDM)
has succeeded. The CDM Type and CDM URI are provided with has succeeded. The CDM Type and CDM URI are provided with
this notification." this notification."
::= { cKeyTransferPullNotify 3 } ::= { cKeyTransferPullNotify 3 }
cCDMPullReceiveFailed NOTIFICATION-TYPE cCDMPullReceiveFailed NOTIFICATION-TYPE
OBJECTS { OBJECTS {
cCDMType, cCDMType,
cCDMURI cCDMURI
} }
skipping to change at page 83, line 31 skipping to change at page 87, line 4
cCDMPullReceiveFailed NOTIFICATION-TYPE cCDMPullReceiveFailed NOTIFICATION-TYPE
OBJECTS { OBJECTS {
cCDMType, cCDMType,
cCDMURI cCDMURI
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An attempt to receive a cryptographic device material (CDM) "An attempt to receive a cryptographic device material (CDM)
has failed. The CDM Type and CDM URI are provided with this has failed. The CDM Type and CDM URI are provided with this
notification." notification."
::= { cKeyTransferPullNotify 4 } ::= { cKeyTransferPullNotify 4 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cSOMSServerTable -- CC MIB cCDMServerTable
-- ***************************************************************** -- *****************************************************************
cSOMSServerTableCount OBJECT-TYPE cCDMServerTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cSOMSServerTable" "The number of rows in the cCDMServerTable."
::= { cSOMSServerInfo 1 } ::= { cCDMServerInfo 1 }
cSOMSServerTableLastChanged OBJECT-TYPE cCDMServerTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cSOMSServerInfo 2 } ::= { cCDMServerInfo 2 }
cSOMSServerTable OBJECT-TYPE cCDMServerTable OBJECT-TYPE
SYNTAX SEQUENCE OF CSOMSServerEntry SYNTAX SEQUENCE OF CCDMServerEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The table containing a list of servers that will be queried "The table containing a list of servers that will be queried
for available cryptographic device materials (CDMs), such as for available cryptographic device materials (CDMs), such as
keys and firmware packages. This table is also used to keys and firmware packages. This table is also used to
obtain the Product Avaialability List (PAL), which is a list obtain the cryptographic device material list (CDML), which
detailing available CDMs and their associated location for is a list detailing available CDMs and their associated
obtainment." location for obtainment."
::= { cSOMSServerInfo 3 } ::= { cCDMServerInfo 3 }
cSOMSServerEntry OBJECT-TYPE cCDMServerEntry OBJECT-TYPE
SYNTAX CSOMSServerEntry SYNTAX CCDMServerEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing information about a server that has "A row containing information about a server that has
available PALs/CDMs for download." available CDMLs/CDMs for download."
INDEX { cSOMSServerPriority } INDEX { cCDMServerPriority }
::= { cSOMSServerTable 1 } ::= { cCDMServerTable 1 }
CSOMSServerEntry ::= SEQUENCE { CCDMServerEntry ::= SEQUENCE {
cSOMSServerPriority Unsigned32, cCDMServerPriority Unsigned32,
cSOMSServerURI OCTET STRING, cCDMServerURI OCTET STRING,
cSOMSServerAdditionalInfo SnmpAdminString, cCDMServerAdditionalInfo SnmpAdminString,
cSOMSServerRowStatus RowStatus cCDMServerRowStatus RowStatus
} }
cSOMSServerPriority OBJECT-TYPE cCDMServerPriority OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A unique numeric index that identifies a server that has "A unique numeric index that identifies a server that has
available PALs/CDMs for download. This index also provides available CDMLs/CDMs for download. This index also provides
server prioritization functionality - lower values have a server prioritization functionality - lower values have a
higher priority. For example, the server with the lowest higher priority. For example, the server with the lowest
value will be the first server for PAL/CDM downloads. In value will be the first server for CDML/CDM downloads. In
the event of failure, the next lowest value server will be the event of failure, the next lowest value server will be
tried, and so on. tried, and so on.
This column is the sole index to the cSOMSServerTable." This column is the sole index to the cCDMServerTable."
::= { cSOMSServerEntry 1 } ::= { cCDMServerEntry 1 }
cSOMSServerURI OBJECT-TYPE cCDMServerURI OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The location of the server that has available PALs/CDMs "The location of the server that has available CDMLs/CDMs
for download. The value in this column is represented as a for download. The value in this column is represented as a
URI. URI.
Note, download of a PAL will typically result in the Note, download of a CDML will typically result in the
population of new CDM entries in the cCDMDeliveryTable." population of new CDM entries in the cCDMDeliveryTable."
::= { cSOMSServerEntry 2 } ::= { cCDMServerEntry 2 }
cSOMSServerAdditionalInfo OBJECT-TYPE cCDMServerAdditionalInfo OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Additional information about the SOMS server. This "Additional information about the CDM server. This
information is manually configured by the manager both at or information is manually configured by the manager both at or
after row creation." after row creation."
::= { cSOMSServerEntry 3 }
cSOMSServerRowStatus OBJECT-TYPE ::= { cCDMServerEntry 3 }
cCDMServerRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of the row, by which new entries may be created "The status of the row, by which new entries may be created
or old entries deleted from this table. or old entries deleted from this table.
Entries created within this table may not become active Entries created within this table may not become active
unless all read-create columns in this column have valid unless all read-create columns in this column have valid
values, as detailed by each individual column's description. values, as detailed by each individual column's description.
At a minimum, implementations must support createAndGo, At a minimum, implementations must support createAndGo,
active, and destroy management functions. Support for active, and destroy management functions. Support for
createAndWait, notInService, and notReady management createAndWait, notInService, and notReady management
functions is optional." functions is optional."
::= { cSOMSServerEntry 4 } ::= { cCDMServerEntry 4 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cCDMDeliveryTable -- CC MIB cCDMDeliveryTable
-- ***************************************************************** -- *****************************************************************
cCDMDeliveryTableCount OBJECT-TYPE cCDMDeliveryTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cCDMDeliveryTable" "The number of rows in the cCDMDeliveryTable."
::= { cCDMDeliveryInfo 1 } ::= { cCDMDeliveryInfo 1 }
cCDMDeliveryTableLastChanged OBJECT-TYPE cCDMDeliveryTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCDMDeliveryInfo 2 } ::= { cCDMDeliveryInfo 2 }
cCDMDeliveryTable OBJECT-TYPE cCDMDeliveryTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCDMDeliveryEntry SYNTAX SEQUENCE OF CCDMDeliveryEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 87, line 32 skipping to change at page 91, line 4
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The type of the cryptographic device material (CDM) that "The type of the cryptographic device material (CDM) that
can be retrieved from a CDM server: can be retrieved from a CDM server:
[notification] = CDM is a notification providing [notification] = CDM is a notification providing
status/information for a particular status/information for a particular
(other) CDM (other) CDM
[symmetricKey] = CDM is a symmetric key [symmetricKey] = CDM is a symmetric key
[asymmetricKey] = CDM is a non-certificate asymmetric key [asymmetricKey] = CDM is a non-certificate asymmetric key
[certificate] = CDM is a certificate [certificate] = CDM is a certificate
[cklOrCrl] = CDM is a compromised key list or [cklOrCrl] = CDM is a compromised key list or
certificate revocation list certificate revocation list
[firmware] = CDM is a firmware package." [firmware] = CDM is a firmware package"
::= { cCDMDeliveryEntry 1 } ::= { cCDMDeliveryEntry 1 }
cCDMURI OBJECT-TYPE cCDMURI OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(1..255)) SYNTAX OCTET STRING (SIZE(1..255))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The location of the cryptographic device material (CDM), "The location of the cryptographic device material (CDM),
represented in a URI format. Because of its type, the represented in a URI format. Because of its type, the
associated URI of the CDM Server can easily be derived. associated URI of the CDM Server can easily be derived.
This column is typically populated by an agent upon querying This column is typically populated by an agent upon querying
a SOMS Server (e.g. downloading and parsing a Product a CDM Server (e.g., downloading and parsing a cryptographic
Availability List (PAL) from a SOMS Server (entry in the device material list (CDML) from a CDM Server (entry in the
cSOMSServerTable)). However, a manager can also configure an cCDMServerTable)). However, a manager can also configure an
entry in this table with predetermined knowledge of the CDM entry in this table with predetermined knowledge of the CDM
location." location."
::= { cCDMDeliveryEntry 2 } ::= { cCDMDeliveryEntry 2 }
cCDMPackageSize OBJECT-TYPE cCDMPackageSize OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
UNITS "bytes" UNITS "bytes"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The package size, in bytes, of the cryptographic device "The package size, in bytes, of the cryptographic device
material (CDM). This information is retrieved from a material (CDM). This information is retrieved from a
Product Availability List (PAL) or a server's product cryptographic device material list (CDML) or a server's
availability response following a query. This column product availability response following a query. This column
does not apply to notifications found in PALs." does not apply to notifications found in CDMLs."
::= { cCDMDeliveryEntry 3 } ::= { cCDMDeliveryEntry 3 }
cCDMAdditionalInfo OBJECT-TYPE cCDMAdditionalInfo OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Additional information about the cryptographic device "Additional information about the cryptographic device
material (CDM). This information can be retrieved from the material (CDM). This information can be retrieved from the
downloaded Product Availability List (PAL) or manually downloaded cryptographic device material list (CDML) or
configured by the manager both at or after row creation." manually configured by the manager both at or after row
creation."
::= { cCDMDeliveryEntry 4 } ::= { cCDMDeliveryEntry 4 }
cCDMLastDownloadDate OBJECT-TYPE cCDMLastDownloadDate OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(14)) SYNTAX OCTET STRING (SIZE(14))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This is a 14 character field that will be populated with "This is a 14 character field that will be populated with
the following values depending on the state of the download the following values depending on the state of the download
and the CDM type. and the CDM type.
skipping to change at page 89, line 16 skipping to change at page 92, line 38
::= { cCDMDeliveryEntry 5 } ::= { cCDMDeliveryEntry 5 }
cCDMDeliveryPriority OBJECT-TYPE cCDMDeliveryPriority OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A configurable priority value on the cryptographic device "A configurable priority value on the cryptographic device
material (CDM). This column is a means to allow certain key material (CDM). This column is a means to allow certain key
products to be downloaded before others. Lower values have a products to be downloaded before others. Lower values have a
higher priority (e.g. a value of 1 will be processed before higher priority (e.g., a value of 1 will be processed before
a value of 2)." a value of 2)."
::= { cCDMDeliveryEntry 6 } ::= { cCDMDeliveryEntry 6 }
cCDMDeliveryRequest OBJECT-TYPE cCDMDeliveryRequest OBJECT-TYPE
SYNTAX INTEGER { downloadAndInstall(1), downloadAndStore(2), SYNTAX INTEGER { downloadAndInstall(1), downloadAndStore(2),
discard(3) } discard(3) }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object signals the local device to perform actions on "This object signals the local device to perform actions on
skipping to change at page 92, line 16 skipping to change at page 95, line 38
OBJECT cCDMDeliveryStatus OBJECT cCDMDeliveryStatus
SYNTAX INTEGER { complete(1), inProgress(2), downloadFailed(3), SYNTAX INTEGER { complete(1), inProgress(2), downloadFailed(3),
installFailed(4) } installFailed(4) }
DESCRIPTION DESCRIPTION
"Implementation of this enumeration value(s) is mandatory - "Implementation of this enumeration value(s) is mandatory -
enumeration values not listed here are optional." enumeration values not listed here are optional."
::= { cKeyTransferPullCompliances 1 } ::= { cKeyTransferPullCompliances 1 }
cKeyTransferPullServerGroup OBJECT-GROUP cKeyTransferPullServerGroup OBJECT-GROUP
OBJECTS { OBJECTS {
cSOMSServerRetryDelay, cCDMServerRetryDelay,
cSOMSServerRetryMaxAttempts, cCDMServerRetryMaxAttempts,
cSOMSServerTableCount, cCDMServerTableCount,
cSOMSServerTableLastChanged, cCDMServerTableLastChanged,
cSOMSServerURI, cCDMServerURI,
cSOMSServerAdditionalInfo, cCDMServerAdditionalInfo,
cSOMSServerRowStatus cCDMServerRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to server "This group is composed of objects related to server
information." information."
::= { cKeyTransferPullGroups 1 } ::= { cKeyTransferPullGroups 1 }
cKeyTransferPullDeliveryGroup OBJECT-GROUP cKeyTransferPullDeliveryGroup OBJECT-GROUP
OBJECTS { OBJECTS {
cCDMPullRetrievalPriorities, cCDMPullRetrievalPriorities,
cPALDeliveryRequest, cCDMLDeliveryRequest,
cPALDeliveryStatus, cCDMLDeliveryStatus,
cCDMDeliveryTableCount, cCDMDeliveryTableCount,
cCDMDeliveryTableLastChanged, cCDMDeliveryTableLastChanged,
cCDMDeliveryTableLastChanged, cCDMDeliveryTableLastChanged,
cCDMType, cCDMType,
cCDMURI, cCDMURI,
cCDMPackageSize, cCDMPackageSize,
cCDMAdditionalInfo, cCDMAdditionalInfo,
cPALastDownloadDate, cCDMLastDownloadDate,
cCDMDeliveryPriority, cCDMDeliveryPriority,
cCDMDeliveryRequest, cCDMDeliveryRequest,
cCDMDeliveryStatus, cCDMDeliveryStatus,
cCDMDeliveryRowStatus cCDMDeliveryRowStatus
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to delivery "This group is composed of objects related to delivery
information." information."
::= { cKeyTransferPullGroups 2 } ::= { cKeyTransferPullGroups 2 }
cKeyTransferPullDeliveryNotifyGroup NOTIFICATION-GROUP cKeyTransferPullDeliveryNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
cPALPullReceiveSuccess, cCDMLPullReceiveSuccess,
cPALPullReceiveFailed, cCDMLPullReceiveFailed,
cCDMPullReceiveSuccess, cCDMPullReceiveSuccess,
cCDMPullReceiveFailed cCDMPullReceiveFailed
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to delivery "This group is composed of notifications related to delivery
information." information."
::= { cKeyTransferPullGroups 3 } ::= { cKeyTransferPullGroups 3 }
END END
5.7. Key Transfer Push 5.6. Key Transfer Push
This MIB module makes reference to following documents: [RFC2578], This MIB module makes reference to following documents: [RFC2578],
[RFC2579], [RFC2580], and [RFC3411]. [RFC2579], [RFC2580], and [RFC3411].
CC-KEY-TRANSFER-PUSH-MIB DEFINITIONS ::= BEGIN CC-KEY-TRANSFER-PUSH-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccKeyTransferPush ccKeyTransferPush
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM Sec 5.2
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
RowPointer, RowStatus, DateAndTime, RowPointer, RowStatus, DateAndTime,
TimeStamp TimeStamp
FROM SNMPv2-TC -- FROM RFC 2579 FROM SNMPv2-TC -- FROM RFC 2579
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF; -- FROM RFC 2580 FROM SNMPv2-CONF; -- FROM RFC 2580
ccKeyTransferPushMIB MODULE-IDENTITY ccKeyTransferPushMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "201609302154Z"
ORGANIZATION "IETF" ORGANIZATION "CCMIB CCB"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "CC MIB Configuration Control Board
US Navy Email: CCMIB.CCB@us.af.mil"
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner
sn3rd
Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Key Transfer Push object. "This MIB defines the CC MIB Key Transfer Push object.
Copyright (c) 2017 IETF Trust and the persons Copyright (c) 2019 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "201609302154Z"
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION "CC MIB 1.0.5 FINAL. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccKeyTransferPush 1 } ::= { ccKeyTransferPush 1 }
-- ***************************************************************** -- *****************************************************************
-- Key Transfer Push Information Segments -- Key Transfer Push Information Segments
-- ***************************************************************** -- *****************************************************************
cCDMPushDestInfo OBJECT IDENTIFIER cCDMPushDestInfo OBJECT IDENTIFIER
::= { ccKeyTransferPushMIB 1 } ::= { ccKeyTransferPushMIB 1 }
cCDMTransferPkgInfo OBJECT IDENTIFIER cCDMTransferPkgInfo OBJECT IDENTIFIER
skipping to change at page 97, line 4 skipping to change at page 99, line 47
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An attempt to send key material, identified by the "An attempt to send key material, identified by the
Recipient Address and Transfer Type, has failed." Recipient Address and Transfer Type, has failed."
::= { cKeyTransferPushNotify 4 } ::= { cKeyTransferPushNotify 4 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cCDMPushDestTable -- CC MIB cCDMPushDestTable
-- ***************************************************************** -- *****************************************************************
cCDMPushDestTableCount OBJECT-TYPE cCDMPushDestTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cCDMPushDestTable" "The number of rows in the cCDMPushDestTable."
::= { cCDMPushDestInfo 1 } ::= { cCDMPushDestInfo 1 }
cCDMPushDestTableLastChanged OBJECT-TYPE cCDMPushDestTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCDMPushDestInfo 2 } ::= { cCDMPushDestInfo 2 }
cCDMPushDestTable OBJECT-TYPE cCDMPushDestTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCDMPushDestEntry SYNTAX SEQUENCE OF CCDMPushDestEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 98, line 8 skipping to change at page 101, line 4
CCDMPushDestEntry ::= SEQUENCE { CCDMPushDestEntry ::= SEQUENCE {
cCDMPushDestIndex Unsigned32, cCDMPushDestIndex Unsigned32,
cCDMPushDestTransferType INTEGER, cCDMPushDestTransferType INTEGER,
cCDMPushDestAddressLocationType INTEGER, cCDMPushDestAddressLocationType INTEGER,
cCDMPushDestAddressLocation OCTET STRING, cCDMPushDestAddressLocation OCTET STRING,
cCDMPushDestTransferTime DateAndTime, cCDMPushDestTransferTime DateAndTime,
cCDMPushDestPackageSelection SnmpAdminString, cCDMPushDestPackageSelection SnmpAdminString,
cCDMPushDestRowStatus RowStatus cCDMPushDestRowStatus RowStatus
} }
cCDMPushDestIndex OBJECT-TYPE cCDMPushDestIndex OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A numeric index that identifies a unique location in this "A numeric index that identifies a unique location in this
table." table."
::= { cCDMPushDestEntry 1 } ::= { cCDMPushDestEntry 1 }
cCDMPushDestTransferType OBJECT-TYPE cCDMPushDestTransferType OBJECT-TYPE
SYNTAX INTEGER { ipsec(1), tls(2) } SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The transfer mechanism or protocol used by the sender to "The transfer mechanism or protocol used by the sender to
execute the Cryptographic Device Material (CDM) transfer: execute the Cryptographic Device Material (CDM) transfer."
ipsec(1), tls(2):
ipsec - Internet Protocol Security (IPsec)
tls - Transport Layer Security (TLS)"
::= { cCDMPushDestEntry 2 } ::= { cCDMPushDestEntry 2 }
cCDMPushDestAddressLocationType OBJECT-TYPE cCDMPushDestAddressLocationType OBJECT-TYPE
SYNTAX INTEGER { ipv4(1), ipv6(2), uri(3), other(4) } SYNTAX INTEGER { ipv4(1), ipv6(2), uri(3), other(4) }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Enumeration indicating the type of address location." "Enumeration indicating the type of address location."
::= { cCDMPushDestEntry 3 } ::= { cCDMPushDestEntry 3 }
skipping to change at page 99, line 24 skipping to change at page 102, line 16
fields are the direction from UTC, hours from UTC, and fields are the direction from UTC, hours from UTC, and
minutes from UTC." minutes from UTC."
::= { cCDMPushDestEntry 5 } ::= { cCDMPushDestEntry 5 }
cCDMPushDestPackageSelection OBJECT-TYPE cCDMPushDestPackageSelection OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A reference string that points to the key material(s) to "A reference string that points to the key material(s) to
transfer. This column may reference one entry (e.g. an entry transfer. This column may reference one entry (e.g., an
in the cCDMStoreTable) or multiple entries (e.g. multiple entry in the cCDMStoreTable) or multiple entries (e.g.,
entries in the cCDMTransferPkgTable). This object defines multiple entries in the cCDMTransferPkgTable). This object
all the items in the package that will be sent." defines all the items in the package that will be sent."
::= { cCDMPushDestEntry 6 } ::= { cCDMPushDestEntry 6 }
cCDMPushDestRowStatus OBJECT-TYPE cCDMPushDestRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of the row, by which new entries may be created "The status of the row, by which new entries may be created
or old entries deleted from this table. or old entries deleted from this table.
skipping to change at page 100, line 4 skipping to change at page 102, line 43
At a minimum, implementations must support createAndGo, At a minimum, implementations must support createAndGo,
active, and destroy management functions. Support for active, and destroy management functions. Support for
createAndWait, notInService, and notReady management createAndWait, notInService, and notReady management
functions is optional." functions is optional."
::= { cCDMPushDestEntry 7 } ::= { cCDMPushDestEntry 7 }
-- ***************************************************************** -- *****************************************************************
-- CC MIB cCDMTransferPkgTable -- CC MIB cCDMTransferPkgTable
-- ***************************************************************** -- *****************************************************************
cCDMTransferPkgTableCount OBJECT-TYPE cCDMTransferPkgTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cCDMTransferPkgTable." "The number of rows in the cCDMTransferPkgTable."
::= { cCDMTransferPkgInfo 1 } ::= { cCDMTransferPkgInfo 1 }
cCDMTransferPkgTableLastChanged OBJECT-TYPE cCDMTransferPkgTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCDMTransferPkgInfo 2 } ::= { cCDMTransferPkgInfo 2 }
cCDMTransferPkgTable OBJECT-TYPE cCDMTransferPkgTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCDMTransferPkgEntry SYNTAX SEQUENCE OF CCDMTransferPkgEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 102, line 20 skipping to change at page 105, line 12
-- ***************************************************************** -- *****************************************************************
-- CC MIB cCDMPushSrcTable -- CC MIB cCDMPushSrcTable
-- ***************************************************************** -- *****************************************************************
cCDMPushSrcTableCount OBJECT-TYPE cCDMPushSrcTableCount OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of rows in the cCDMPushSrcTable" "The number of rows in the cCDMPushSrcTable."
::= { cCDMPushSrcInfo 1 } ::= { cCDMPushSrcInfo 1 }
cCDMPushSrcTableLastChanged OBJECT-TYPE cCDMPushSrcTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cCDMPushSrcInfo 2 } ::= { cCDMPushSrcInfo 2 }
cCDMPushSrcTable OBJECT-TYPE cCDMPushSrcTable OBJECT-TYPE
SYNTAX SEQUENCE OF CCDMPushSrcEntry SYNTAX SEQUENCE OF CCDMPushSrcEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This table provides the list of authorized senders that "This table provides the list of authorized senders that
this receiving device will accept Cryptographic Device this receiving device will accept Cryptographic Device
Material (CDM) transfers from. Servers for the Material (CDM) transfers from. Servers for the
cSOMSServerTable are not listed in this table since this cCDMServerTable are not listed in this table since this
table is specific for the Push Model." table is specific for the Push Model."
::= { cCDMPushSrcInfo 3 } ::= { cCDMPushSrcInfo 3 }
cCDMPushSrcEntry OBJECT-TYPE cCDMPushSrcEntry OBJECT-TYPE
SYNTAX CCDMPushSrcEntry SYNTAX CCDMPushSrcEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing information about an authorized sender "A row containing information about an authorized sender
that this receiving device will accept." that this receiving device will accept."
INDEX { cCDMPushSrcSenderName, cCDMPushSrcTransferType } INDEX { cCDMPushSrcSenderName, cCDMPushSrcTransferType }
::= { cCDMPushSrcTable 1 } ::= { cCDMPushSrcTable 1 }
CCDMPushSrcEntry ::= SEQUENCE { CCDMPushSrcEntry ::= SEQUENCE {
cCDMPushSrcSenderName SnmpAdminString, cCDMPushSrcSenderName SnmpAdminString,
cCDMPushSrcTransferType INTEGER, cCDMPushSrcTransferType SnmpAdminString,
cCDMPushSrcAddrLocationType INTEGER, cCDMPushSrcAddrLocationType INTEGER,
cCDMPushSrcAddrLocation OCTET STRING, cCDMPushSrcAddrLocation OCTET STRING,
cCDMPushSrcRowStatus RowStatus cCDMPushSrcRowStatus RowStatus
} }
cCDMPushSrcSenderName OBJECT-TYPE cCDMPushSrcSenderName OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX SnmpAdminString
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An administrative string for an authorized sender. "An administrative string for an authorized sender.
cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as
indexes of this table." indexes of this table."
::= { cCDMPushSrcEntry 1 } ::= { cCDMPushSrcEntry 1 }
cCDMPushSrcTransferType OBJECT-TYPE cCDMPushSrcTransferType OBJECT-TYPE
SYNTAX INTEGER { ipsec(1), tls(2), other(3) } SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Analogous to cCDMPushDestTransferType. The transfer "Analogous to cCDMPushDestTransferType. The transfer
mechanism or protocol used by the receiver to receive the mechanism or protocol used by the receiver to receive the
Cryptographic Device Material (CDM) transfer. Cryptographic Device Material (CDM) transfer.
ipsec - Internet Protocol Security (IPsec)
tls - Transport Layer Security (TLS)
other - used for device specific transfer mechanisms
cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as
indexes of this table." indexes of this table."
::= { cCDMPushSrcEntry 2 } ::= { cCDMPushSrcEntry 2 }
cCDMPushSrcAddrLocationType OBJECT-TYPE cCDMPushSrcAddrLocationType OBJECT-TYPE
SYNTAX INTEGER { ipv4(1), ipv6(2), uri(3), other(4) } SYNTAX INTEGER { ipv4(1), ipv6(2), uri(3), other(4) }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Enumeration indicating the type of address location "Enumeration indicating the type of address location
skipping to change at page 106, line 41 skipping to change at page 109, line 32
cCDMPushReceiveFail cCDMPushReceiveFail
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to receiver "This group is composed of notifications related to receiver
information." information."
::= { cKeyTransferPushGroups 4 } ::= { cKeyTransferPushGroups 4 }
END END
5.8. Security Policy Information 5.7. Security Policy Information
This module makes reference to: Section 5.2, [RFC2578], [RFC2579], This module makes reference to: Section 5.2, [RFC2578], [RFC2579],
[RFC2580], and {RFC3411}}. [RFC2580], and {RFC3411}}.
CC-SECURE-POLICY-INFO-MIB DEFINITIONS ::= BEGIN CC-SECURE-POLICY-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccSecurePolicyInfo ccSecurePolicyInfo
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM Sec 5.2
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
RowStatus, TimeStamp RowStatus, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccSecurePolicyInfoMIB MODULE-IDENTITY ccSecurePolicyInfoMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "201609302154Z"
ORGANIZATION "IETF" ORGANIZATION "CCMIB CCB"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "CC MIB Configuration Control Board
US Navy Email: CCMIB.CCB@us.af.mil"
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner
sn3rd
Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Security Policy Information "This MIB defines the CC MIB Security Policy Information
objects. objects.
Copyright (c) 2017 IETF Trust and the persons Copyright (c) 2019 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "201609302154Z"
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION "CC MIB 1.0.5 FINAL. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccSecurePolicyInfo 1 } ::= { ccSecurePolicyInfo 1 }
-- ***************************************************************** -- *****************************************************************
-- Secure Policy Info Information Segments -- Secure Policy Info Information Segments
-- ***************************************************************** -- *****************************************************************
cSecurePolicyConformance OBJECT IDENTIFIER cSecurePolicyConformance OBJECT IDENTIFIER
::= { ccSecurePolicyInfoMIB 1 } ::= { ccSecurePolicyInfoMIB 1 }
cSecPolicyRuleInfo OBJECT IDENTIFIER cSecPolicyRuleInfo OBJECT IDENTIFIER
skipping to change at page 109, line 22 skipping to change at page 111, line 34
"The number of rows in the cSecPolicyRuleTable." "The number of rows in the cSecPolicyRuleTable."
::= { cSecPolicyRuleInfo 1 } ::= { cSecPolicyRuleInfo 1 }
cSecPolicyRuleTableLastChanged OBJECT-TYPE cSecPolicyRuleTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cSecPolicyRuleInfo 2 } ::= { cSecPolicyRuleInfo 2 }
cSecPolicyRuleTable OBJECT-TYPE cSecPolicyRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF CSecPolicyRuleEntry SYNTAX SEQUENCE OF CSecPolicyRuleEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cSecPolicyRuleTable stores the Security Policy Rules "The cSecPolicyRuleTable stores the Security Policy Rules
that are compared against inbound and outbound data traffic that are compared against inbound and outbound data traffic
flow. These Security Policy Rules define the actions (e.g. flow. These Security Policy Rules define the actions (e.g.,
protect, bypass, discard) on how the data traffic flow protect, bypass, discard) on how the data traffic flow
should be treated." should be treated."
::= { cSecPolicyRuleInfo 3 } ::= { cSecPolicyRuleInfo 3 }
cSecPolicyRuleEntry OBJECT-TYPE cSecPolicyRuleEntry OBJECT-TYPE
SYNTAX CSecPolicyRuleEntry SYNTAX CSecPolicyRuleEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A row containing general information about a Security "A row containing general information about a Security
Policy rule." Policy rule."
INDEX { cSecPolicyRulePriorityID } INDEX { cSecPolicyRulePriorityID }
skipping to change at page 110, line 21 skipping to change at page 112, line 33
cSecPolicyRuleRowStatus RowStatus cSecPolicyRuleRowStatus RowStatus
} }
cSecPolicyRulePriorityID OBJECT-TYPE cSecPolicyRulePriorityID OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Local unique index that identifies the priority at which "Local unique index that identifies the priority at which
this Security Policy rule is applied. Lower values have a this Security Policy rule is applied. Lower values have a
higher priority (e.g. a value of 1 will be processed before higher priority (e.g., a value of 1 will be processed before
a value of 2). This column is the primary index to the a value of 2). This column is the primary index to the
cSecPolicyRuleTable." cSecPolicyRuleTable."
::= { cSecPolicyRuleEntry 1 } ::= { cSecPolicyRuleEntry 1 }
cSecPolicyRuleDescription OBJECT-TYPE cSecPolicyRuleDescription OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An administrative string describing the Security Policy "An administrative string describing the Security Policy
rule. Note, this is a free form OCTET STRING that provides rule. Note, this is a free form OCTET STRING that provides
the user a store for any form of description/documentation the user a store for any form of description/documentation
for the given entry." for the given entry."
::= { cSecPolicyRuleEntry 2 } ::= { cSecPolicyRuleEntry 2 }
cSecPolicyRuleType OBJECT-TYPE cSecPolicyRuleType OBJECT-TYPE
SYNTAX INTEGER { ipsec(1), tls(2) } SYNTAX INTEGER { ipsec(1), tls(2), macsec(3) }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Optional column that defines the related protocol type of "Optional column that defines the related protocol type of
the Security Policy rule. Depending on this column's set the Security Policy rule. Depending on this column's set
value, entries will vary in respect to which other value, entries will vary in respect to which other
columns/tables (if at all) must be populated to fully columns/tables (if at all) must be populated to fully
configure the Security Policy rule." configure the Security Policy rule."
::= { cSecPolicyRuleEntry 3 } ::= { cSecPolicyRuleEntry 3 }
skipping to change at page 113, line 24 skipping to change at page 115, line 38
cSecPolicyChanged cSecPolicyChanged
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to secure "This group is composed of notifications related to secure
policy information." policy information."
::= { cSecurePolicyGroups 2 } ::= { cSecurePolicyGroups 2 }
END END
5.9. Secure Connection Information 5.8. Secure Connection Information
This module makes reference to: Section 5.2, [RFC2578], [RFC2579], This module makes reference to: Section 5.2, [RFC2578], [RFC2579],
[RFC2580], [RFC3411], and [RFC4303]. [RFC2580], [RFC3411], and [RFC4303].
CC-SECURE-CONNECTION-INFO-MIB DEFINITIONS ::= BEGIN CC-SECURE-CONNECTION-INFO-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
ccSecureConnectionInfo ccSecureConnectionInfo
FROM CC-FEATURE-HIERARCHY-MIB -- FROM {{cc-fh}} FROM CC-FEATURE-HIERARCHY-MIB -- FROM Sec 5.2
OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
MODULE-IDENTITY MODULE-IDENTITY
FROM SNMPv2-SMI -- FROM RFC 2578 FROM SNMPv2-SMI -- FROM RFC 2578
MODULE-COMPLIANCE, OBJECT-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP NOTIFICATION-GROUP
FROM SNMPv2-CONF -- FROM RFC 2580 FROM SNMPv2-CONF -- FROM RFC 2580
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411 FROM SNMP-FRAMEWORK-MIB -- FROM RFC 3411
RowStatus, DateAndTime, TimeStamp RowStatus, DateAndTime, TimeStamp
FROM SNMPv2-TC; -- FROM RFC 2579 FROM SNMPv2-TC; -- FROM RFC 2579
ccSecureConnectionInfoMIB MODULE-IDENTITY ccSecureConnectionInfoMIB MODULE-IDENTITY
LAST-UPDATED "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU LAST-UPDATED "201609302154Z"
ORGANIZATION "IETF" ORGANIZATION "CCMIB CCB"
CONTACT-INFO CONTACT-INFO
"Shadi Azoum "CC MIB Configuration Control Board
US Navy Email: CCMIB.CCB@us.af.mil"
email: shadi.azoum@navy.mil
Elliott Jones
US Navy
elliott.jones@navy.mil
Lily Sun
US Navy
lily.sun@navy.mil
Mike Irani
NKI Engineering
irani@nkiengineering.com
Jeffrey Sun
NKI Engineering
sunjeff@nkiengineering.com
Ray Purvis
MITRE
Email:rpurvis@mitre.org
Sean Turner
sn3rd
Email:sean@sn3rd.com"
DESCRIPTION DESCRIPTION
"This MIB defines the CC MIB Secure Connection Information "This MIB defines the CC MIB Secure Connection Information
objects. objects.
Copyright (c) 2017 IETF Trust and the persons Copyright (c) 2019 IETF Trust and the persons
identified as authors of the code. All rights reserved. identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; This version of this MIB module is part of RFC xxxx;
see the RFC itself for full legal notices." see the RFC itself for full legal notices."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
REVISION "YYYYMMDDHHMMSSZ" -- DD MM YYYY HH:MM:00 ZULU REVISION "201609302154Z"
DESCRIPTION "Initial Version. Published as RFC xxxx." DESCRIPTION "CC MIB 1.0.5 FINAL. Published as RFC xxxx."
-- RFC Ed.: RFC-editor please fill in xxxx. -- RFC Ed.: RFC-editor please fill in xxxx.
::= { ccSecureConnectionInfo 1 } ::= { ccSecureConnectionInfo 1 }
-- ***************************************************************** -- *****************************************************************
-- Secure Connection Info Information Segments -- Secure Connection Info Information Segments
-- ***************************************************************** -- *****************************************************************
cSecureConnectionConformance OBJECT IDENTIFIER cSecureConnectionConformance OBJECT IDENTIFIER
::= { ccSecureConnectionInfoMIB 1 } ::= { ccSecureConnectionInfoMIB 1 }
cSecureConnectionInfo OBJECT IDENTIFIER cSecureConnectionInfo OBJECT IDENTIFIER
::= { ccSecureConnectionInfoMIB 2 } ::= { ccSecureConnectionInfoMIB 2 }
cSecureConnectionInfoScalars OBJECT IDENTIFIER cSecureConnectionInfoScalars OBJECT IDENTIFIER
::= { ccSecureConnectionInfoMIB 3 } ::= { ccSecureConnectionInfoMIB 3 }
cSecureConnectionInfoNotify OBJECT IDENTIFIER cSecureConnectionInfoNotify OBJECT IDENTIFIER
::= { ccSecureConnectionInfoMIB 4 } ::= { ccSecureConnectionInfoMIB 4 }
-- ***************************************************************** -- *****************************************************************
skipping to change at page 116, line 9 skipping to change at page 117, line 48
"The number of rows in the cSecConTable." "The number of rows in the cSecConTable."
::= { cSecureConnectionInfo 1 } ::= { cSecureConnectionInfo 1 }
cSecConTableLastChanged OBJECT-TYPE cSecConTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The last time any entry in the table was modified, created, "The last time any entry in the table was modified, created,
or deleted by either SNMP, agent, or other management method or deleted by either SNMP, agent, or other management method
(e.g. via an HMI). Managers can use this object to ensure (e.g., via an HMI). Managers can use this object to ensure
that no changes to configuration of this table have happened that no changes to configuration of this table have happened
since the last time it examined the table. A value of 0 since the last time it examined the table. A value of 0
indicates that no entry has been changed since the agent indicates that no entry has been changed since the agent
initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
should be used to populate this column." should be used to populate this column."
::= { cSecureConnectionInfo 2 } ::= { cSecureConnectionInfo 2 }
cSecConTable OBJECT-TYPE cSecConTable OBJECT-TYPE
SYNTAX SEQUENCE OF CSecConEntry SYNTAX SEQUENCE OF CSecConEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 116, line 47 skipping to change at page 118, line 38
CSecConEntry ::= SEQUENCE { CSecConEntry ::= SEQUENCE {
cSecConTableID Unsigned32, cSecConTableID Unsigned32,
cSecConType OCTET STRING, cSecConType OCTET STRING,
cSecConDataPlaneID OCTET STRING, cSecConDataPlaneID OCTET STRING,
cSecConDirection INTEGER, cSecConDirection INTEGER,
cSecConKeyReference OCTET STRING, cSecConKeyReference OCTET STRING,
cSecConCryptographicSuite OCTET STRING, cSecConCryptographicSuite OCTET STRING,
cSecConEstablishmentTime DateAndTime, cSecConEstablishmentTime DateAndTime,
cSecConStatus OCTET STRING, cSecConStatus OCTET STRING,
cSecConRowStatus RowStatus cSecConRowStatus RowStatus,
cSecConRemoteKeyReference OCTET STRING
} }
cSecConTableID OBJECT-TYPE cSecConTableID OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Local unique index that identifies a Secure Connection. "Local unique index that identifies a Secure Connection.
This column is the primary index to the cSecConTable." This column is the primary index to the cSecConTable."
::= { cSecConEntry 1 } ::= { cSecConEntry 1 }
skipping to change at page 117, line 36 skipping to change at page 119, line 28
cSecConDataPlaneID OBJECT-TYPE cSecConDataPlaneID OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The unique identifier associated with the Secure "The unique identifier associated with the Secure
Connection, based on the Secure Connection protocol. Connection, based on the Secure Connection protocol.
Note, this is a free form OCTET STRING column where Note, this is a free form OCTET STRING column where
meaningful values/format are defined per Secure Connection meaningful values/format are defined per Secure Connection
protocol type basis. For instance, in an IPsec context (i.e. protocol type basis. For instance, in an IPsec context
cSecConType value is set to 'ipsec'), this column would (i.e., cSecConType value is set to 'ipsec'), this column
store the Security Parameter Index (SPI) for a given would store the Security Parameter Index (SPI) for a given
Encapsulating Security Payload Version 3 Security Encapsulating Security Payload Version 3 Security
Association (RFC 4303 - Section 2.1.)." Association (RFC 4303 - Section 2.1.)."
::= { cSecConEntry 3 } ::= { cSecConEntry 3 }
cSecConDirection OBJECT-TYPE cSecConDirection OBJECT-TYPE
SYNTAX INTEGER { inbound(1), outbound(2), SYNTAX INTEGER { inbound(1), outbound(2),
bidirectional(3) } bidirectional(3) }
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 119, line 12 skipping to change at page 121, line 4
of the key material (if associated) as referenced by the of the key material (if associated) as referenced by the
cSecConKeyReference column. If this column value is not cSecConKeyReference column. If this column value is not
manually configured with a date and time then the value will manually configured with a date and time then the value will
be automatically populated with the current cSystemDate be automatically populated with the current cSystemDate
value in respect to when the cSecConRowStatus column is value in respect to when the cSecConRowStatus column is
first set to Active. first set to Active.
Note, implementations may treat this column as an alpha date Note, implementations may treat this column as an alpha date
for the Secure Connection, and thus ascertain other Secure for the Secure Connection, and thus ascertain other Secure
Connection-related values based on this time." Connection-related values based on this time."
::= { cSecConEntry 7 } ::= { cSecConEntry 7 }
cSecConStatus OBJECT-TYPE cSecConStatus OBJECT-TYPE
SYNTAX OCTET STRING SYNTAX OCTET STRING
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Column that provides the current status of the Secure "Column that provides the current status of the Secure
Connection. Note, this is a free form OCTET STRING column Connection. Note, this is a free form OCTET STRING column
where meaningful values are defined per Secure Connection where meaningful values are defined per Secure Connection
protocol type basis (i.e. as defined by the cSecConType protocol type basis (i.e., as defined by the cSecConType
value) or per implementation basis. value) or per implementation basis.
If there is no appropriate value to populate with, this If there is no appropriate value to populate with, this
column would be populated with an empty string, ''." column would be populated with an empty string, ''."
::= { cSecConEntry 8 } ::= { cSecConEntry 8 }
cSecConRowStatus OBJECT-TYPE cSecConRowStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
skipping to change at page 119, line 50 skipping to change at page 121, line 43
The set of RowStatus enumerations that must be supported is The set of RowStatus enumerations that must be supported is
dependent on the type of secure connection. At a minimum, dependent on the type of secure connection. At a minimum,
implementations must support createAndGo and destroy if the implementations must support createAndGo and destroy if the
secure connection can be created and destroyed by the secure connection can be created and destroyed by the
manager. Implementations must support active and manager. Implementations must support active and
notInService if the secure connection can be notInService if the secure connection can be
enabled/disabled by the manager." enabled/disabled by the manager."
::= { cSecConEntry 9 } ::= { cSecConEntry 9 }
cSecConRemoteKeyReference OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Administrative string that references remote key material
associated with the Secure Connection (i.e., the remote key
material used by the peer to establish the Secure
Connection. This column references an entry (via table index
value) in cRemoteKeyMaterialTable (CC-KEY-MANAGEMENT-MIB).
If there is no appropriate value to populate with, this
column would be populated with an empty string, ''"
::= {cSecConEntry 10}
-- ***************************************************************** -- *****************************************************************
-- Module Conformance Information -- Module Conformance Information
-- ***************************************************************** -- *****************************************************************
cSecureConnectionCompliances OBJECT IDENTIFIER cSecureConnectionCompliances OBJECT IDENTIFIER
::= { cSecureConnectionConformance 1} ::= { cSecureConnectionConformance 1}
cSecureConnectionGroups OBJECT IDENTIFIER cSecureConnectionGroups OBJECT IDENTIFIER
::= { cSecureConnectionConformance 2} ::= { cSecureConnectionConformance 2}
cSecureConnectionCompliance MODULE-COMPLIANCE cSecureConnectionCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Compliance levels for secure connection information." "Compliance levels for secure connection information."
MODULE MODULE
MANDATORY-GROUPS { cSecureConnectionGroup } MANDATORY-GROUPS { cSecureConnectionGroup }
skipping to change at page 120, line 40 skipping to change at page 122, line 48
cSecConTableCount, cSecConTableCount,
cSecConTableLastChanged, cSecConTableLastChanged,
cSecConTableID, cSecConTableID,
cSecConType, cSecConType,
cSecConDataPlaneID, cSecConDataPlaneID,
cSecConDirection, cSecConDirection,
cSecConKeyReference, cSecConKeyReference,
cSecConCryptographicSuite, cSecConCryptographicSuite,
cSecConEstablishmentTime, cSecConEstablishmentTime,
cSecConStatus, cSecConStatus,
cSecConRowStatus cSecConRowStatus,
cSecConRemoteKeyReference
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to secure "This group is composed of objects related to secure
connection information." connection information."
::= { cSecureConnectionGroups 1 } ::= { cSecureConnectionGroups 1 }
cSecureConnectionNotifyGroup NOTIFICATION-GROUP cSecureConnectionNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
cSecConnectionEstablished, cSecConnectionEstablished,
skipping to change at page 121, line 4 skipping to change at page 123, line 12
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of objects related to secure "This group is composed of objects related to secure
connection information." connection information."
::= { cSecureConnectionGroups 1 } ::= { cSecureConnectionGroups 1 }
cSecureConnectionNotifyGroup NOTIFICATION-GROUP cSecureConnectionNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
cSecConnectionEstablished, cSecConnectionEstablished,
cSecConnectionDeleted cSecConnectionDeleted
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is composed of notifications related to secure "This group is composed of notifications related to secure
connection information." connection information."
::= { cSecureConnectionGroups 2 } ::= { cSecureConnectionGroups 2 }
END END
6. IANA Considerations 6. IANA Considerations
This document makes no requests of IANA. All of the object
identifiers used in the document are defined in the IANA Private
Enterprise Number (PEN) ccmib arc (34493).
RFC EDITOR: Please delete the following note prior to publication
NOTE: "cpsg" is undergoing a name change to "ccmib".
7. Security Considerations 7. Security Considerations
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec), Even if the network itself is secure (for example by using IPsec),
there is no control as to who on the secure network is allowed to there is no control as to who on the secure network is allowed to
access and GET/SET (read/change/create/delete) the objects in this access and GET/SET (read/change/create/delete) the objects in this
MIB module. MIB module.
Implementations SHOULD provide the security features described by the Implementations SHOULD provide the security features described by the
SNMPv3 framework (see [RFC3410]), and implementations claiming SNMPv3 framework (see [RFC3410]), and implementations claiming
skipping to change at page 123, line 45 skipping to change at page 126, line 9
[RFC3418] Presuhn, R., Ed., "Management Information Base (MIB) for [RFC3418] Presuhn, R., Ed., "Management Information Base (MIB) for
the Simple Network Management Protocol (SNMP)", STD 62, the Simple Network Management Protocol (SNMP)", STD 62,
RFC 3418, DOI 10.17487/RFC3418, December 2002, RFC 3418, DOI 10.17487/RFC3418, December 2002,
<https://www.rfc-editor.org/info/rfc3418>. <https://www.rfc-editor.org/info/rfc3418>.
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)",
RFC 4303, DOI 10.17487/RFC4303, December 2005, RFC 4303, DOI 10.17487/RFC4303, December 2005,
<https://www.rfc-editor.org/info/rfc4303>. <https://www.rfc-editor.org/info/rfc4303>.
Authors' Addresses Appendix A. Contributors
Shadi Azoum The following people made technical contributions to this
SPAWAR Systems Center Pacific specification:
Email: shadi.azoum@navy.mil o Shadi Azoum
Elliott Jones Naval Information Warfare Center Pacific
SPAWAR Systems Center Pacific shadi.azoum@navy.mil
Email: elliott.jones@navy.mil o Elliott Jones
Naval Information Warfare Center Pacific
elliott.jones@navy.mil
Lily Sun o Lily Sun
SPAWAR Systems Center Pacific Naval Information Warfare Center Pacific
lily.sun@navy.mil
Email: lily.sun@navy.mil Authors' Addresses
Jeffrey Sun
Naval Information Warfare Center Pacific
Email: sunjeff@spawar.navy.mil
Mike Irani Mike Irani
Nathan Kunes, Inc. Naval Information Warfare Center Pacific
Email: irani@nkiengineering.com Email: irani@spawar.navy.mil
Jeffrey Sun Tom Nguyen
Nathan Kunes, Inc. Naval Information Warfare Center Pacific
Email: sunjeff@nkiengineering.com Email: tmnguyen@spawar.navy.mil
Ray Purvis Ray Purvis
The MITRE Corporation The MITRE Corporation
Email: rpurvis@mitre.org Email: rpurvis@mitre.org
Sean Turner Sean Turner
sn3rd sn3rd
Email: sean@sn3rd.com Email: sean@sn3rd.com
 End of changes. 272 change blocks. 
839 lines changed or deleted 945 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/