Network Working Group                                         C. Lonvick
Internet-Draft                                                   D. Spak
Intended status: Informational                             Cisco Systems
Expires: June 24, 2007                                 December 21, 2006


              Security Best Practices Efforts and Documents
                     draft-ietf-opsec-efforts-05.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 24, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document provides a snapshot of the current efforts to define or
   apply security requirements in various Standards Developing
   Organizations (SDO).

Table of Contents

   1. Introduction
   2. Format of this Document
   3. Online Security Glossaries
      3.1. ATIS Telecom Glossary 2000
      3.2. Internet Security Glossary - RFC 2828
      3.3. Compendium of Approved ITU-T Security Definitions
      3.4. Microsoft Solutions for Security Glossary
      3.5. SANS Glossary of Security Terms
      3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler
   4. Standards Developing Organizations
      4.1. 3GPP - Third Generation Partnership Project
      4.2. 3GPP2 - Third Generation Partnership Project 2
      4.3. ANSI - The American National Standards Institute
         4.3.1. Accredited Standards Committee X9 (ASC X9)
      4.4. ATIS - Alliance for Telecommunications Industry Solutions
         4.4.1. ATIS NIPP - Network Interface, Power, and Protection
                Committee, formerly T1E1
         4.4.2. ATIS NPRQ - Network Performance, Reliability, and
                Quality of Service Committee, formerly T1A1
         4.4.3. ATIS OBF - Ordering and Billing Forum, formerly
                regarding T1M1 O&B
         4.4.4. ATIS OPTXS - Optical Transport and Synchronization
                Committee, formerly T1X1
         4.4.5. ATIS TMOC - Telecom Management and Operations
                Committee, formerly T1M1 OAM&P
         4.4.6. ATIS WTSC - Wireless Technologies and Systems
                Committee, formerly T1P1
         4.4.7. ATIS PTSC - Packet Technologies and Systems
                Committee, formerly T1S1
         4.4.8. ATIS Protocol Interworking Committee, regarding T1S1
      4.5. CC - Common Criteria
      4.6. DMTF - Distributed Management Task Force, Inc.
      4.7. ETSI - The European Telecommunications Standard Institute
      4.8. GGF - Global Grid Forum
      4.9. IEEE - The Institute of Electrical and Electronics
           Engineers, Inc.
      4.10. IETF - The Internet Engineering Task Force
      4.11. INCITS - InterNational Committee for Information
            Technology Standards
         4.11.1. INCITS Technical Committee T11 - Fibre Channel
                 Interfaces
      4.12. ISO - The International Organization for Standardization
      4.13. ITU - International Telecommunication Union
         4.13.1. ITU Telecommunication Standardization Sector - ITU-T
         4.13.2. ITU Radiocommunication Sector - ITU-R
         4.13.3. ITU Telecom Development - ITU-D
      4.14. OASIS - Organization for the Advancement of Structured
            Information Standards
      4.15. OIF - Optical Internetworking Forum
      4.16. NRIC - The Network Reliability and Interoperability Council
      4.17. National Security Telecommunications Advisory Committee
            (NSTAC)
      4.18. TIA - The Telecommunications Industry Association
      4.19. TTA - Telecommunications Technology Association
      4.20. Web Services Interoperability Organization (WS-I)
   5. Security Best Practices Efforts and Documents
      5.1. 3GPP - TSG SA WG3 (Security)
      5.2. 3GPP2 - TSG-S Working Group 4 (Security)
      5.3. American National Standard T1.276-2003 - Baseline
           Security Requirements for the Management Plane
      5.4. DMTF - Security Protection and Management (SPAM)
           Working Group
      5.5. DMTF - User and Security Working Group
      5.6. ATIS Work-Plan to Achieve Interoperable, Implementable,
           End-To-End Standards and Solutions
         5.6.1. ATIS Work on Packet Filtering
      5.7. ATIS Work on the NGN
      5.8. Common Criteria
      5.9. ETSI
      5.10. GGF Security Area (SEC)
      5.11. Information System Security Assurance Architecture
      5.12. Operational Security Requirements for IP Network
            Infrastructure : Advanced Requirements
      5.13. INCITS CS1 - Cyber Security
      5.14. ISO Guidelines for the Management of IT Security - GMITS
      5.15. ISO JTC 1/SC 27
      5.16. ITU-T Study Group 2
      5.17. ITU-T Recommendation M.3016
      5.18. ITU-T Recommendation X.805
      5.19. ITU-T Study Group 16
      5.20. ITU-T Study Group 17
      5.21. Catalogue of ITU-T Recommendations related to
            Communications System Security
      5.22. ITU-T Security Manual
      5.23. ITU-T NGN Effort
      5.24. NRIC VI Focus Groups
      5.25. OASIS Security Joint Committee
      5.26. OASIS Security Services (SAML) TC
      5.27. OIF Implementation Agreements
      5.28. TIA
      5.29. WS-I Basic Security Profile
   6. Security Considerations
   7. IANA Considerations
   8. Acknowledgments
   9. Changes from Prior Drafts
   Authors' Addresses
   Intellectual Property and Copyright Statements

1. Introduction

   The Internet is being recognized as a critical infrastructure similar
   in nature to the power grid and a potable water supply. Just like
   those infrastructures, means are needed to provide resiliency and
   adaptability to the Internet so that it remains consistently
   available to the public throughout the world even during times of
   duress or attack. For this reason, many SDOs are developing
   standards with hopes of retaining an acceptable level, or even
   improving this availability, to its users. These SDO efforts usually
   define themselves as "security" efforts. It is the opinion of the
   authors that there are many different definitions of the term
   "security" and it may be applied in many diverse ways. As such, we
   offer no assurance that the term is applied consistently throughout
   this document.

   Many of these SDOs have diverse charters and goals and will take
   entirely different directions in their efforts to provide standards.
   However, even with that, there will be overlaps in their produced
   works. If there are overlaps then there is a potential for conflicts
   and confusion. This may result in:

      Vendors of networking equipment who are unsure of which standard
      to follow.

      Purchasers of networking equipment who are unsure of which
      standard will best apply to the needs of their business or
      organization.

      Network Administrators and Operators unsure of which standard to
      follow to attain the best security for their network.

   For these reasons, the authors wish to encourage all SDOs who have an
   interest in producing or in consuming standards relating to good
   security practices to be consistent in their approach and their
   recommendations. In many cases, the authors are aware that the SDOs
   are making good efforts along these lines. However, the authors do
   not participate in all SDO efforts and cannot know everything that is
   happening.

   The OpSec Working Group met at the 61st IETF and agreed that this
   document could be a useful reference in producing the documents
   described in the Working Group Charter. The authors have agreed to
   keep this document current and request that those who read it will
   submit corrections or comments.

   Comments on this document may be addressed to the OpSec Working Group
   or directly to the authors.

      opsec@ops.ietf.org

2. Format of this Document

   The body of this document has three sections.

   The first part of the body of this document, Section 3, contains a
   listing of online glossaries relating to networking and security. It
   is very important that the definitions of words relating to security
   and security events be consistent.
   Inconsistencies in the usage of words across standards are
   unacceptable, as they would prevent a reader of two standards from
   appropriately relating their recommendations. The authors of this
   document have not reviewed the definitions of the words in the listed
   glossaries and so can offer no assurance of their alignment.

   The second part, Section 4, contains a listing of SDOs that appear to
   be working on security standards.

   The third part, Section 5, lists the documents which have been found
   to offer good practices or recommendations for securing networks and
   networking devices.

3. Online Security Glossaries

   This section contains references to glossaries of network and
   computer security terms.

3.1. ATIS Telecom Glossary 2000

   http://www.atis.org/tg2k/

   Under an approved T1 standards project (T1A1-20), an existing
   5800-entry, search-enabled hypertext telecommunications glossary
   titled Federal Standard 1037C, Glossary of Telecommunication Terms
   was updated and matured into this glossary, T1.523-2001, Telecom
   Glossary 2000. This updated glossary was posted on the Web as an
   American National Standard (ANS).

3.2. Internet Security Glossary - RFC 2828

   http://www.ietf.org/rfc/rfc2828.txt

   Created in May 2000, the document defines itself to be, "an
   internally consistent, complementary set of abbreviations,
   definitions, explanations, and recommendations for use of terminology
   related to information system security." The glossary makes the
   distinction of the listed definitions throughout the document as
   being:

   o  a recommended Internet definition

   o  a recommended non-Internet definition

   o  not recommended as the first choice for Internet documents but
      something that an author of an Internet document would need to
      know

   o  a definition that shouldn't be used in Internet documents

   o  additional commentary or usage guidance

3.3. Compendium of Approved ITU-T Security Definitions

   http://www.itu.int/itudoc/itu-t/com17/activity/def004.html

   Addendum to the Compendium of the Approved ITU-T Security-related
   Definitions
   http://www.itu.int/itudoc/itu-t/com17/activity/add002.html

   These extensive materials were created from approved ITU-T
   Recommendations with a view toward establishing a common
   understanding and use of security terms within ITU-T.

3.4. Microsoft Solutions for Security Glossary

   http://www.microsoft.com/security/glossary.mspx

   The Microsoft Solutions for Security Glossary was created to explain
   the concepts, technologies, and products associated with computer
   security. This glossary contains several definitions specific to
   Microsoft proprietary technologies and product solutions.

3.5. SANS Glossary of Security Terms

   http://www.sans.org/resources/glossary.php

   The SANS Institute (SysAdmin, Audit, Network, Security) was created
   in 1989 as, "a cooperative research and education organization."
   Updated in May 2003, SANS cites the NSA for their help in creating
   the online glossary of security terms. The SANS Institute is also
   home to many other resources including the SANS Intrusion Detection
   FAQ and the SANS/FBI Top 20 Vulnerabilities List.

3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler

   http://www.garlic.com/~lynn/secure.htm

   Anne and Lynn Wheeler maintain a security taxonomy and glossary with
   terms merged from AFSEC, AJP, CC1, CC2, CC21 (CC site), CIAO, FCv1,
   FFIEC, FJC, FTC, IATF V3 (IATF site), IEEE610, ITSEC, Intel,
   JTC1/SC27 (SC27 site), KeyAll, MSC, NIST 800-30, 800-33, 800-37,
   800-53, 800-61, 800-77, 800-83 FIPS140, NASA, NCSC/TG004, NIAP, NSA
   Intrusion, CNSSI 4009, online security study, RFC1983, RFC2504,
   RFC2647, RFC2828, TCSEC, TDI, and TNI.

4. Standards Developing Organizations

   This section of this document lists the SDOs, or organizations that
   appear to be developing security related standards. These SDOs are
   listed in alphabetical order.

   Note: The authors would appreciate corrections and additions. This
   note will be removed before publication as an RFC.

4.1. 3GPP - Third Generation Partnership Project

   http://www.3gpp.org/

   The 3rd Generation Partnership Project (3GPP) is a collaboration
   agreement formed in December 1998. The collaboration agreement is
   comprised of several telecommunications standards bodies which are
   known as "Organizational Partners". The current Organizational
   Partners involved with 3GPP are ARIB, CCSA, ETSI, ATIS, TTA, and TTC.

4.2. 3GPP2 - Third Generation Partnership Project 2

   http://www.3gpp2.org/

   Third Generation Partnership Project 2 (3GPP2) is a collaboration
   among Organizational Partners much like its sister project 3GPP. The
   Organizational Partners (OPs) currently involved with 3GPP2 are ARIB,
   CCSA, TIA, TTA, and TTC. In addition to the OPs, 3GPP2 also welcomes
   the CDMA Development Group and IPv6 Forum as Market Representation
   Partners for market advice.

4.3. ANSI - The American National Standards Institute

   http://www.ansi.org/

   ANSI is a private, non-profit organization that organizes and
   oversees the U.S. voluntary standardization and conformity assessment
   system. ANSI was founded October 19, 1918.

4.3.1. Accredited Standards Committee X9 (ASC X9)

   http://www.x9.org/

   The Accredited Standards Committee X9 (ASC X9) has the mission to
   develop, establish, maintain, and promote standards for the Financial
   Services Industry in order to facilitate delivery of financial
   services and products.

4.4. ATIS - Alliance for Telecommunications Industry Solutions

   http://www.atis.org/

   ATIS is a United States based body that is committed to rapidly
   developing and promoting technical and operations standards for the
   communications and related information technologies industry
   worldwide using a pragmatic, flexible and open approach. Committee
   T1 as a group no longer exists as a result of the recent ATIS
   reorganization on January 1, 2004. ATIS has restructured the former
   T1 technical subcommittees into full ATIS standards committees to
   easily identify and promote the nature of standards work each
   committee performs. Due to the reorganization, some groups may have
   a new mission and scope statement.

4.4.1. ATIS NIPP - Network Interface, Power, and Protection Committee,
       formerly T1E1

   http://www.atis.org/0050/index.asp

   ATIS Network Interface, Power, and Protection Committee develops and
   recommends standards and technical reports related to power systems,
   electrical and physical protection for the exchange and interexchange
   carrier networks, and interfaces associated with user access to
   telecommunications networks.

4.4.2. ATIS NPRQ - Network Performance, Reliability, and Quality of
       Service Committee, formerly T1A1

   http://www.atis.org/0010/index.asp

   ATIS Network Performance, Reliability and Quality of Service
   Committee develops and recommends standards, requirements, and
   technical reports related to the performance, reliability, and
   associated security aspects of communications networks, as well as
   the processing of voice, audio, data, image, and video signals, and
   their multimedia integration.

4.4.3. ATIS OBF - Ordering and Billing Forum, formerly regarding T1M1
       O&B

   http://www.atis.org/obf/index.asp

   The T1M1 O&B subcommittee has become part of the ATIS Ordering and
   Billing Forum.

   The ATIS-sponsored Ordering and Billing Forum (OBF) provides a forum
   for customers and providers in the telecommunications industry to
   identify, discuss and resolve national issues which affect ordering,
   billing, provisioning and exchange of information about access
   services, other connectivity and related matters.

4.4.4. ATIS OPTXS - Optical Transport and Synchronization Committee,
       formerly T1X1

   http://www.atis.org/0240/index.asp

   ATIS Optical Transport and Synchronization Committee develops and
   recommends standards and prepares technical reports related to
   telecommunications network technology pertaining to network
   synchronization interfaces and hierarchical structures including
   optical technology.

4.4.5. ATIS TMOC - Telecom Management and Operations Committee,
       formerly T1M1 OAM&P

   http://www.atis.org/0130/index.asp

   ATIS Telecom Management and Operations Committee develops
   internetwork operations, administration, maintenance and provisioning
   standards, and technical reports related to interfaces for
   telecommunications networks.

4.4.6. ATIS WTSC - Wireless Technologies and Systems Committee,
       formerly T1P1

   http://www.atis.org/0160/index.asp

   ATIS Wireless Technologies and Systems Committee develops and
   recommends standards and technical reports related to wireless and/or
   mobile services and systems, including service descriptions and
   wireless technologies.

4.4.7. ATIS PTSC - Packet Technologies and Systems Committee, formerly
       T1S1

   http://www.atis.org/0191/index.asp

   T1S1 was split into two separate ATIS committees: the ATIS Packet
   Technologies and Systems Committee and the ATIS Protocol Interworking
   Committee. PTSC is responsible for producing standards to secure
   signalling.

   The basic document is PTSC-SEC-2005-059.doc which is in Letter Ballot
   at this time. It is expected to move to an ANSI standard.

4.4.8. ATIS Protocol Interworking Committee, regarding T1S1

   T1S1 was split into two separate ATIS committees: the ATIS Packet
   Technologies and Systems Committee and the ATIS Protocol Interworking
   Committee. As a result of the reorganization of T1S1, these groups
   will also probably have a new mission and scope.

4.5. CC - Common Criteria

   http://www.commoncriteriaportal.org/

   In June 1993, the sponsoring organizations of the existing US,
   Canadian, and European criteria (TCSEC, ITSEC, and similar) started
   the Common Criteria Project to align their separate criteria into a
   single set of IT security criteria.

4.6. DMTF - Distributed Management Task Force, Inc.

   http://www.dmtf.org/

   Founded in 1992, the DMTF brings the technology industry's customers
   and top vendors together in a collaborative, working group approach
   that involves DMTF members in all aspects of specification
   development and refinement.

4.7. ETSI - The European Telecommunications Standard Institute

   http://www.etsi.org/

   ETSI is an independent, non-profit organization which produces
   telecommunications standards. ETSI is based in Sophia-Antipolis in
   the south of France and maintains a membership from 55 countries.

   Joint work between ETSI and ITU-T SG-17

   http://www.tta.or.kr/gsc/upload/GSC9_Joint_011_Security_Standardization_in_ITU.ppt

4.8. GGF - Global Grid Forum

   http://www.gridforum.org/

   The Global Grid Forum (GGF) is a community-initiated forum of
   thousands of individuals from industry and research leading the
   global standardization effort for grid computing. GGF's primary
   objectives are to promote and support the development, deployment,
   and implementation of grid technologies and applications via the
   creation and documentation of "best practices" - technical
   specifications, user experiences, and implementation guidelines.

4.9. IEEE - The Institute of Electrical and Electronics Engineers, Inc.

   http://www.ieee.org/

   IEEE is a non-profit, professional association of more than 360,000
   individual members in approximately 175 countries. The IEEE produces
   30 percent of the world's published literature in electrical
   engineering, computers, and control technology through its technical
   publishing, conferences, and consensus-based standards activities.

4.10. IETF - The Internet Engineering Task Force

   http://www.ietf.org/

   IETF is a large, international community open to any interested
   individual concerned with the evolution of the Internet architecture
   and the smooth operation of the Internet.

4.11. INCITS - InterNational Committee for Information Technology
      Standards

   http://www.incits.org/

   INCITS focuses upon standardization in the field of Information and
   Communications Technologies (ICT), encompassing storage, processing,
   transfer, display, management, organization, and retrieval of
   information.

4.11.1. INCITS Technical Committee T11 - Fibre Channel Interfaces

   http://www.t11.org/index.htm

   T11 is responsible for standards development in the areas of
   Intelligent Peripheral Interface (IPI), High-Performance Parallel
   Interface (HIPPI) and Fibre Channel (FC). T11 has a project called
   FC-SP to define Security Protocols for Fibre Channel.

   FC-SP Project Proposal:
   ftp://ftp.t11.org/t11/admin/project_proposals/02-036v2.pdf

4.12. ISO - The International Organization for Standardization

   http://www.iso.org/

   ISO is a network of the national standards institutes of 148
   countries, on the basis of one member per country, with a Central
   Secretariat in Geneva, Switzerland, that coordinates the system. ISO
   officially began operations on February 23, 1947.

4.13. ITU - International Telecommunication Union

   http://www.itu.int/

   The ITU is an international organization within the United Nations
   System headquartered in Geneva, Switzerland. The ITU is comprised of
   three sectors:

4.13.1. ITU Telecommunication Standardization Sector - ITU-T

   http://www.itu.int/ITU-T/

   ITU-T's mission is to ensure an efficient and on-time production of
   high quality standards covering all fields of telecommunications.

4.13.2. ITU Radiocommunication Sector - ITU-R

   http://www.itu.int/ITU-R/

   The ITU-R plays a vital role in the management of the radio-frequency
   spectrum and satellite orbits.

4.13.3. ITU Telecom Development - ITU-D

   (also referred to as ITU Telecommunication Development Bureau - BDT)

   http://www.itu.int/ITU-D/

   The Telecommunication Development Bureau (BDT) is the executive arm
   of the Telecommunication Development Sector. Its duties and
   responsibilities cover a variety of functions ranging from programme
   supervision and technical advice to the collection, processing and
   publication of information relevant to telecommunication development.

4.14. OASIS - Organization for the Advancement of Structured
      Information Standards

   http://www.oasis-open.org/

   OASIS is a not-for-profit, international consortium that drives the
   development, convergence, and adoption of e-business standards.

4.15. OIF - Optical Internetworking Forum

   http://www.oiforum.com/

   On April 20, 1998 Cisco Systems and Ciena Corporation announced an
   industry-wide initiative to create the Optical Internetworking Forum,
   an open forum focused on accelerating the deployment of optical
   internetworks.

4.16. NRIC - The Network Reliability and Interoperability Council

   http://www.nric.org/

   The purposes of the Committee are to give telecommunications industry
   leaders the opportunity to provide recommendations to the FCC and to
   the industry that assure optimal reliability and interoperability of
   telecommunications networks. The Committee addresses topics in the
   area of Homeland Security, reliability, interoperability, and
   broadband deployment.

4.17. National Security Telecommunications Advisory Committee (NSTAC)

   http://www.ncs.gov/nstac/nstac.html

   President Ronald Reagan created the National Security
   Telecommunications Advisory Committee (NSTAC) by Executive Order
   12382 in September 1982. Since then, the NSTAC has served four
   presidents. Composed of up to 30 industry chief executives
   representing the major communications and network service providers
   and information technology, finance, and aerospace companies, the
   NSTAC provides industry-based advice and expertise to the President
   on issues and problems related to implementing national security and
   emergency preparedness (NS/EP) communications policy. Since its
   inception, the NSTAC has addressed a wide range of policy and
   technical issues regarding communications, information systems,
   information assurance, critical infrastructure protection, and other
   NS/EP communications concerns.

4.18. TIA - The Telecommunications Industry Association

   http://www.tiaonline.org/

   TIA is accredited by ANSI to develop voluntary industry standards for
   a wide variety of telecommunications products. TIA's Standards and
   Technology Department is composed of five divisions: Fiber Optics,
   User Premises Equipment, Network Equipment, Wireless Communications
   and Satellite Communications.

4.19. TTA - Telecommunications Technology Association

   http://www.tta.or.kr/Home2003/main/index.jsp
   http://www.tta.or.kr/English/new/main/index.htm (English)

   TTA (Telecommunications Technology Association) is an IT standards
   organization that develops new standards and provides one-stop
   services for the establishment of IT standards as well as providing
   testing and certification for IT products.

4.20. Web Services Interoperability Organization (WS-I)

   http://www.ws-i.org/

   WS-I is an open, industry organization chartered to promote Web
   services interoperability across platforms, operating systems, and
   programming languages. The organization works across the industry
   and standards organizations to respond to customer needs by providing
   guidance, best practices, and resources for developing Web services
   solutions.

5. Security Best Practices Efforts and Documents

   This section lists the works produced by the SDOs.

5.1. 3GPP - TSG SA WG3 (Security)

   http://www.3gpp.org/TB/SA/SA3/SA3.htm

   TSG SA WG3 Security is responsible for the security of the 3GPP
   system, performing analyses of potential security threats to the
   system, considering the new threats introduced by the IP based
   services and systems and setting the security requirements for the
   overall 3GPP system.

   Specifications:
   http://www.3gpp.org/ftp/Specs/html-info/TSG-WG--S3.htm

   Work Items:
   http://www.3gpp.org/ftp/Specs/html-info/TSG-WG--s3--wis.htm

   3GPP Confidentiality and Integrity algorithms:
   http://www.3gpp.org/TB/Other/algorithms.htm

5.2. 3GPP2 - TSG-S Working Group 4 (Security)

   http://www.3gpp2.org/Public_html/S/index.cfm

   The Services and Systems Aspects TSG (TSG-S) is responsible for the
   development of service capability requirements for systems based on
   3GPP2 specifications.
Among its responsibilities TSG-S is addressing 691 management, technical coordination, as well as architectural and 692 requirements development associated with all end-to-end features, 693 services and system capabilities including, but not limited to, 694 security and QoS. 696 TSG-S Specifications: 697 http://www.3gpp2.org/Public_html/specs/index.cfm#tsgs 699 5.3. American National Standard T1.276-2003 - Baseline Security 700 Requirements for the Management Plane 702 Abstract: This standard contains a set of baseline security 703 requirements for the management plane. The President's National 704 Security Telecommunications Advisory Committee Network Security 705 Information Exchange (NSIE) and Government NSIE jointly established a 706 Security Requirements Working Group (SRWG) to examine the security 707 requirements for controlling access to the public switched network, 708 in particular with respect to the emerging next generation network. 710 In the telecommunications industry, this access incorporates 711 operation, administration, maintenance, and provisioning for network 712 elements and various supporting systems and databases. Members of 713 the SRWG, from a cross-section of telecommunications carriers and 714 vendors, developed an initial list of security requirements that 715 would allow vendors, government departments and agencies, and service 716 providers to implement a secure telecommunications network management 717 infrastructure. This initial list of security requirements was 718 submitted as a contribution to Committee T1 - Telecommunications, 719 Working Group T1M1.5 for consideration as a standard. The 720 requirements outlined in this document will allow vendors, government 721 departments and agencies, and service providers to implement a secure 722 telecommunications network management infrastructure. 724 Documents: 725 http://webstore.ansi.org/ansidocstore/product.asp?sku=T1%2E276%2D2003 727 5.4. 
DMTF - Security Protection and Management (SPAM) Working Group 729 http://www.dmtf.org/about/committees/spamWGCharter.pdf 731 The Working Group will define a CIM Common Model that addresses 732 security protection and detection technologies, which may include 733 devices and services, and classifies security information, attacks, 734 and responses. 736 5.5. DMTF - User and Security Working Group 738 http://www.dmtf.org/about/committees/userWGCharter.pdf 740 The User and Security Working Group defines objects and access 741 methods required for principals - where principals include users, 742 groups, software agents, systems, and organizations. 744 5.6. ATIS Work-Plan to Achieve Interoperable, Implementable, End-To-End 745 Standards and Solutions 747 ftp://ftp.t1.org/T1M1/NEW-T1M1.0/3M101940.pdf 749 The ATIS TOPS Security Focus Group has made recommendations on work 750 items needed to be performed by other SDOs. 752 5.6.1. ATIS Work on Packet Filtering 754 A part of the ATIS Work Plan was to define how disruptions may be 755 prevented by filtering unwanted traffic at the edges of the network. 756 ATIS is developing this work in a document titled, "Traffic Filtering 757 for the Prevention of Unwanted Traffic". 759 5.7. ATIS Work on the NGN 761 http://www.atis.org/tops/WebsiteDocuments/NGN/Working%20Docs/ 762 Part%20I/ATIS_NGN_Part_1_Issue1.pdf 764 In November 2004, ATIS released Part I of the ATIS NGN-FG efforts 765 entitled, "ATIS Next Generation Network (NGN) Framework Part I: NGN 766 Definitions, Requirements, and Architecture, Issue 1.0, November 767 2004." 769 5.8. Common Criteria 771 http://www.commoncriteriaportal.org/ 773 Version 1.0 of the CC was completed in January 1996. Based on a 774 number of trial evaluations and an extensive public review, Version 775 1.0 was extensively revised and CC Version 2.0 was produced in April 776 of 1998. This became ISO International Standard 15408 in 1999. 
The 777 CC Project subsequently incorporated the minor changes that had 778 resulted in the ISO process, producing CC version 2.1 in August 1999. 779 Version 3.0 was published in June 2005 and is available for comment. 781 The official version of the Common Criteria and of the Common 782 Evaluation Methodology is v2.3 which was published in August 2005. 784 All Common Criteria publications contain: 786 Part 1: Introduction and general model 788 Part 2: Security functional components 790 Part 3: Security assurance components 792 Documents: Common Criteria V2.3 793 http://www.commoncriteriaportal.org/public/expert/index.php?menu=2 795 5.9. ETSI 797 http://www.etsi.org/ 799 The ETSI hosted the ETSI Global Security Conference in late November, 800 2003, which could lead to a standard. 802 Groups related to security located from the ETSI Groups Portal: 804 OCG Security 805 3GPP SA3 807 TISPAN WG7 809 5.10. GGF Security Area (SEC) 811 https://forge.gridforum.org/projects/sec/ 813 The Security Area (SEC) is concerned with various issues relating to 814 authentication and authorization in Grid environments. 816 Working groups: 818 Authorization Frameworks and Mechanisms WG (AuthZ-WG) - 819 https://forge.gridforum.org/projects/authz-wg 821 Certificate Authority Operations Working Group (CAOPS-WG) - 822 https://forge.gridforum.org/projects/caops-wg 824 OGSA Authorization Working Group (OGSA-AUTHZ) - 825 https://forge.gridforum.org/projects/ogsa-authz 827 Grid Security Infrastructure (GSI-WG) - 828 https://forge.gridforum.org/projects/gsi-wg 830 5.11. 
Information System Security Assurance Architecture 832 IEEE Working Group - http://issaa.org/ 834 Formerly the Security Certification and Accreditation of Information 835 Systems (SCAISWG), IEEE Project 1700's purpose is to develop a draft 836 Standard for Information System Security Assurance Architecture for 837 ballot and during the process begin development of a suite of 838 associated standards for components of that architecture. 840 Documents: http://issaa.org/documents/index.html 842 5.12. Operational Security Requirements for IP Network Infrastructure : 843 Advanced Requirements 845 IETF RFC 3871 847 Abstract: This document defines a list of operational security 848 requirements for the infrastructure of large ISP IP networks (routers 849 and switches). A framework is defined for specifying "profiles", 850 which are collections of requirements applicable to certain network 851 topology contexts (all, core-only, edge-only...). The goal is to 852 provide network operators a clear, concise way of communicating their 853 security requirements to vendors. 855 Documents: 857 ftp://ftp.rfc-editor.org/in-notes/rfc3871.txt 859 5.13. INCITS CS1 - Cyber Security 861 http://cs1.incits.org/ 863 INCITS/CS1 was established in April 2005 to serve as the US TAG for 864 ISO/IEC JTC 1/SC 27 and all SC 27 Working Groups except WG 2 865 (INCITS/T4 serves as the US TAG to SC 27/WG 2). 867 The scope of CS1 explicitly excludes the areas of work on cyber 868 security standardization presently underway in INCITS B10, M1 and T3; 869 as well as other standard groups, such as ATIS, IEEE, IETF, TIA, and 870 X9. INCITS T4's area of work would be narrowed to cryptography 871 projects in ISO/IEC JTC 1/SC 27 WG 2 (Security techniques and 872 mechanisms). 874 5.14. 
ISO Guidelines for the Management of IT Security - GMITS 876 Guidelines for the Management of IT Security -- Part 1: Concepts and 877 models for IT Security 879 http://www.iso.ch/iso/en/ 880 CatalogueDetailPage.CatalogueDetail?CSNUMBER=21733&ICS1=35 882 Guidelines for the Management of IT Security -- Part 2: Managing and 883 planning IT Security 885 http://www.iso.org/iso/en/ 886 CatalogueDetailPage.CatalogueDetail?CSNUMBER=21755&ICS1=35&ICS2=40& 887 ICS3= 889 Guidelines for the Management of IT Security -- Part 3: Techniques 890 for the management of IT Security 892 http://www.iso.org/iso/en/ 893 CatalogueDetailPage.CatalogueDetail?CSNUMBER=21756&ICS1=35&ICS2=40& 894 ICS3= 896 Guidelines for the Management of IT Security -- Part 4: Selection of 897 safeguards 899 http://www.iso.org/iso/en/ 900 CatalogueDetailPage.CatalogueDetail?CSNUMBER=29240&ICS1=35&ICS2=40& 901 ICS3= 903 Guidelines for the Management of IT Security - Part 5: Management 904 guidance on network security 906 http://www.iso.org/iso/en/ 907 CatalogueDetailPage.CatalogueDetail?CSNUMBER=31142&ICS1=35&ICS2=40& 908 ICS3= 910 Open Systems Interconnection -- Network layer security protocol 912 http://www.iso.org/iso/en/ 913 CatalogueDetailPage.CatalogueDetail?CSNUMBER=22084&ICS1=35&ICS2=100& 914 ICS3=30 916 5.15. 
ISO JTC 1/SC 27 918 http://www.iso.ch/iso/en/stdsdevelopment/techprog/workprog/ 919 TechnicalProgrammeSCDetailPage.TechnicalProgrammeSCDetail?COMMID=143 921 Several security related ISO projects under JTC 1/SC 27 are listed 922 here such as: 924 IT security techniques -- Entity authentication 926 Security techniques -- Key management 928 Security techniques -- Evaluation criteria for IT security 930 Security techniques -- A framework for IT security assurance 932 IT Security techniques -- Code of practice for information 933 security management 935 Security techniques -- IT network security 937 Guidelines for the implementation, operation and management of 938 Intrusion Detection Systems (IDS) 940 International Security, Trust, and Privacy Alliance -- Privacy 941 Framework 943 5.16. ITU-T Study Group 2 945 http://www.itu.int/ITU-T/studygroups/com02/index.asp 947 Security related recommendations currently under study: 949 E.408 Telecommunication networks security requirements Q.5/2 (was 950 E.sec1) 952 E.409 Incident Organisation and Security Incident Handling Q.5/2 953 (was E.sec2) 955 Note: Access requires TIES account. 957 5.17. ITU-T Recommendation M.3016 959 http://www.itu.int/itudoc/itu-t/com4/contr/068.html 961 This recommendation provides an overview and framework that 962 identifies the security requirements of a TMN and outlines how 963 available security services and mechanisms can be applied within the 964 context of the TMN functional architecture. 966 Question 18 of Study Group 3 is revising Recommendation M.3016. They 967 have taken the original document and are incorporating thoughts from 968 ITU-T Recommendation X.805 and from ANSI T1.276-2003. The group has 969 produced a new series of documents. 971 M.3016.0 - Overview 973 M.3016.1 - Requirements 975 M.3016.2 - Services 977 M.3016.3 - Mechanisms 979 M.3016.4 - Profiles 981 5.18. 
ITU-T Recommendation X.805 983 http://www.itu.int/itudoc/itu-t/aap/sg17aap/history/x805/x805.html 985 This Recommendation defines the general security-related 986 architectural elements that, when appropriately applied, can provide 987 end-to-end network security. 989 5.19. ITU-T Study Group 16 991 http://www.itu.int/ITU-T/studygroups/com16/index.asp 993 Multimedia Security in Next-Generation Networks (NGN-MM-SEC) 995 http://www.itu.int/ITU-T/studygroups/com16/sg16-q25.html 997 5.20. ITU-T Study Group 17 999 http://www.itu.int/ITU-T/studygroups/com17/index.asp 1001 ITU-T Study Group 17 is the Lead Study Group on Communication System 1002 Security 1004 http://www.itu.int/ITU-T/studygroups/com17/cssecurity.html 1006 Study Group 17 Security Project: 1008 http://www.itu.int/ITU-T/studygroups/com17/security/index.html 1010 During its November 2002 meeting, Study Group 17 agreed to establish 1011 a new project entitled "Security Project" under the leadership of 1012 Q.10/17 to coordinate the ITU-T standardization effort on security. 1013 An analysis of the status on ITU-T Study Group action on information 1014 and communication network security may be found in TSB Circular 147 1015 of 14 February 2003. 1017 5.21. Catalogue of ITU-T Recommendations related to Communications 1018 System Security 1020 http://www.itu.int/itudoc/itu-t/com17/activity/cat004.html 1022 The Catalogue of the approved security Recommendations includes those 1023 designed for security purposes and those which describe or use 1024 functions of security interest and need. Although some of the 1025 security related Recommendations include the phrase "Open Systems 1026 Interconnection", much of the information contained in them is 1027 pertinent to the establishment of security functionality in any 1028 communicating system. 1030 5.22.
ITU-T Security Manual 1032 http://www.itu.int/ITU-T/edh/files/security-manual.pdf 1034 TSB is preparing an "ITU-T Security Manual" to provide an overview on 1035 security in telecommunications and information technologies, describe 1036 practical issues, and indicate how the different aspects of security 1037 in today's applications are addressed by ITU-T Recommendations. This 1038 manual has a tutorial character: it collects security related 1039 material from ITU-T Recommendations into one place and explains the 1040 respective relationships. The intended audience for this manual are 1041 engineers and product managers, students and academia, as well as 1042 regulators who want to better understand security aspects in 1043 practical applications. 1045 5.23. ITU-T NGN Effort 1047 http://www.itu.int/ITU-T/2001-2004/com13/ngn2004/index.html 1049 During its January 2002 meeting, SG13 decided to undertake the 1050 preparation of a new ITU-T Project entitled "NGN 2004 Project". At 1051 the November 2002 SG13 meeting, a preliminary description of the 1052 Project was achieved and endorsed by SG13 with the goal to launch the 1053 Project. It has been regularly updated since then. 1055 The role of the NGN 2004 Project is to organize and to coordinate 1056 ITU-T activities on Next Generation Networks. Its target is to 1057 produce a first set of Recommendations on NGN by the end of this 1058 study period, i.e. mid-2004. 1060 5.24. NRIC VI Focus Groups 1062 http://www.nric.org/fg/index.html 1064 The Network Reliability and Interoperability Council (NRIC) was 1065 formed with the purpose to provide recommendations to the FCC and to 1066 the industry to assure the reliability and interoperability of 1067 wireless, wireline, satellite, and cable public telecommunications 1068 networks.
These documents provide general information and guidance 1069 on NRIC Focus Group 1B (Cybersecurity) Best Practices for the 1070 prevention of cyberattack and for restoration following a 1071 cyberattack. 1073 Documents: 1075 Homeland Defense - Recommendations Published 14-Mar-03 1077 Preventative Best Practices - Recommendations Published 14-Mar-03 1079 Recovery Best Practices - Recommendations Published 14-Mar-03 1081 Best Practice Appendices - Recommendations Published 14-Mar-03 1083 5.25. OASIS Security Joint Committee 1085 http://www.oasis-open.org/committees/ 1086 tc_home.php?wg_abbrev=security-jc 1088 The purpose of the Security JC is to coordinate the technical 1089 activities of multiple security related TCs. The SJC is advisory 1090 only, and has no deliverables. The Security JC will promote the use 1091 of consistent terms, promote re-use, champion an OASIS security 1092 standards model, provide consistent PR, and promote mutuality, 1093 operational independence and ethics. 1095 5.26. OASIS Security Services (SAML) TC 1097 http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security 1099 The Security Services TC is working to advance the Security Assertion 1100 Markup Language (SAML) as an OASIS standard. SAML is an XML 1101 framework for exchanging authentication and authorization 1102 information. 1104 5.27. OIF Implementation Agreements 1106 The OIF has 2 approved Implementation Agreements (IAs) relating to 1107 security. They are: 1109 OIF-SMI-01.0 - Security Management Interfaces to Network Elements 1111 This Implementation Agreement lists objectives for securing OAM&P 1112 interfaces to a Network Element and then specifies ways of using 1113 security systems (e.g., IPsec or TLS) for securing these interfaces. 1114 It summarizes how well each of the systems, used as specified, 1115 satisfies the objectives. 
1117 OIF - SEP - 01.1 - Security Extension for UNI and NNI 1119 This Implementation Agreement defines a common Security Extension for 1120 securing the protocols used in UNI 1.0, UNI 2.0, and NNI. 1122 Documents: http://www.oiforum.com/public/documents/Security-IA.pdf 1124 5.28. TIA 1126 The TIA has produced the "Compendium of Emergency Communications and 1127 Communications Network Security-related Work Activities". This 1128 document identifies standards, or other technical documents and 1129 ongoing Emergency/Public Safety Communications and Communications 1130 Network Security-related work activities within TIA and its 1131 Engineering Committees. Many P25 documents are specifically 1132 detailed. This "living document" is presented for information, 1133 coordination and reference. 1135 Documents: http://www.tiaonline.org/standards/technology/ciphs/ 1136 documents/EMTEL_sec.pdf 1138 5.29. WS-I Basic Security Profile 1140 http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html 1142 The WS-I Basic Security Profile 1.0 consists of a set of non- 1143 proprietary Web services specifications, along with clarifications 1144 and amendments to those specifications which promote 1145 interoperability. 1147 6. Security Considerations 1149 This document describes efforts to standardize security practices and 1150 documents. As such this document offers no security guidance 1151 whatsoever. 1153 Readers of this document should be aware of the date of publication 1154 of this document. It is feared that they may assume that the 1155 efforts, on-line material, and documents are current whereas they may 1156 not be. Please consider this when reading this document. 1158 7. IANA Considerations 1160 This document does not propose a standard and does not require the 1161 IANA to do anything. 1163 8. Acknowledgments 1165 The following people have contributed to this document.
Listing 1166 their names here does not mean that they endorse the document, but 1167 that they have contributed to its substance. 1169 David Black, Mark Ellison, George Jones, Keith McCloghrie, John 1170 McDonough, Art Reilly, Chip Sharp, Dane Skow, Michael Hammer, Bruce 1171 Moon. 1173 9. Changes from Prior Drafts 1175 -00 : Initial draft published as draft-lonvick-sec-efforts-01.txt 1177 -01 : Security Glossaries: 1179 Added ATIS Telecom Glossary 2000, Critical Infrastructure 1180 Glossary of Terms and Acronyms, Microsoft Solutions for 1181 Security Glossary, and USC InfoSec Glossary. 1183 Standards Developing Organizations: 1185 Added DMTF, GGF, INCITS, OASIS, and WS-I 1187 Removal of Committee T1 and modifications to ATIS and former T1 1188 technical subcommittees due to the recent ATIS reorganization. 1190 Efforts and Documents: 1192 Added DMTF User and Security WG, DMTF SPAM WG, GGF Security 1193 Area (SEC), INCITS Technical Committee T4 - Security 1194 Techniques, INCITS Technical Committee T11 - Fibre Channel 1195 Interfaces, ISO JTC 1/SC 27 projects, OASIS Security Joint 1196 Committee, OASIS Security Services TC, and WS-I Basic Security 1197 Profile. 1199 Updated Operational Security Requirements for IP Network 1200 Infrastructure : Advanced Requirements. 1202 -00 : as the WG ID 1204 Added more information about the ITU-T SG3 Q18 effort to modify 1205 ITU-T Recommendation M.3016. 1207 -01 : First revision as the WG ID. 1209 Added information about the NGN in the sections about ATIS, the 1210 NSTAC, and ITU-T. 1212 -02 : Second revision as the WG ID. 1214 Updated the date. 1216 Corrected some URLs and the reference to George's RFC. 1218 -03 : Third revision of the WG ID. 1220 Updated the date. 1222 Updated the information about the CC 1224 Added a Conventions section (not sure how this document got to 1225 where it is without that) 1227 -04 : Fourth revision of the WG ID. 1229 Updated the date.
1231 Added Anne & Lynn Wheeler Taxonomy & Security Glossary 1233 CIAO glossary removed. CIAO has been absorbed by DHS and the 1234 glossary is no longer available. 1236 USC glossary removed, could not find it on the site or a reference 1237 to it elsewhere. 1239 Added TTA - Telecommunications Technology Association to SDO 1240 section. 1242 Removed ATIS Security & Emergency Preparedness Activities from 1243 Documents section. Could not find it or a reference to it. 1245 INCITS T4 incorporated into CS1 - T4 section removed 1247 X9 Added to SDO list under ANSI 1249 Various link or grammar fixes. 1251 Note: This section will be removed before publication as an RFC. 1253 Authors' Addresses 1255 Chris Lonvick 1256 Cisco Systems 1257 12515 Research Blvd. 1258 Austin, Texas 78759 1259 US 1261 Phone: +1 512 378 1182 1262 Email: clonvick@cisco.com 1264 David Spak 1265 Cisco Systems 1266 12515 Research Blvd. 1267 Austin, Texas 78759 1268 US 1270 Phone: +1 512 378 1720 1271 Email: dspak@cisco.com 1273 Full Copyright Statement 1275 Copyright (C) The Internet Society (2006). 1277 This document is subject to the rights, licenses and restrictions 1278 contained in BCP 78, and except as set forth therein, the authors 1279 retain all their rights. 1281 This document and the information contained herein are provided on an 1282 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1283 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 1284 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 1285 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 1286 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1287 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 
1289 Intellectual Property 1291 The IETF takes no position regarding the validity or scope of any 1292 Intellectual Property Rights or other rights that might be claimed to 1293 pertain to the implementation or use of the technology described in 1294 this document or the extent to which any license under such rights 1295 might or might not be available; nor does it represent that it has 1296 made any independent effort to identify any such rights. Information 1297 on the procedures with respect to rights in RFC documents can be 1298 found in BCP 78 and BCP 79. 1300 Copies of IPR disclosures made to the IETF Secretariat and any 1301 assurances of licenses to be made available, or the result of an 1302 attempt made to obtain a general license or permission for the use of 1303 such proprietary rights by implementers or users of this 1304 specification can be obtained from the IETF on-line IPR repository at 1305 http://www.ietf.org/ipr. 1307 The IETF invites any interested party to bring to its attention any 1308 copyrights, patents or patent applications, or other proprietary 1309 rights that may cover technology that may be required to implement 1310 this standard. Please address the information to the IETF at 1311 ietf-ipr@ietf.org. 1313 Acknowledgment 1315 Funding for the RFC Editor function is provided by the IETF 1316 Administrative Support Activity (IASA).