Network Working Group                                         C. Lonvick
Internet-Draft                                                   D. Spak
Expires: June 14, 2009                                     Cisco Systems
                                                       December 11, 2008


              Security Best Practices Efforts and Documents
                     draft-ietf-opsec-efforts-09.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 14, 2009.

Abstract

   This document provides a snapshot of the current efforts to define or
   apply security requirements in various Standards Developing
   Organizations (SDO).

Table of Contents

   1. Introduction
   2. Format of this Document
   3. Online Security Glossaries
     3.1. ATIS Telecom Glossary 2000
     3.2. Internet Security Glossary - RFC 4949
     3.3. Compendium of Approved ITU-T Security Definitions
     3.4. Microsoft Solutions for Security Glossary
     3.5. SANS Glossary of Security Terms
     3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler
   4. Standards Developing Organizations
     4.1. 3GPP - Third Generation Partnership Project
     4.2. 3GPP2 - Third Generation Partnership Project 2
     4.3. ANSI - The American National Standards Institute
       4.3.1. Accredited Standards Committee X9 (ASC X9)
     4.4. ATIS - Alliance for Telecommunications Industry Solutions
       4.4.1. ATIS NIPP - Network Interface, Power, and Protection
              Committee, formerly T1E1
       4.4.2. ATIS NPRQ - Network Performance, Reliability, and
              Quality of Service Committee, formerly T1A1
       4.4.3. ATIS OBF - Ordering and Billing Forum, formerly
              regarding T1M1 O&B
       4.4.4. ATIS OPTXS - Optical Transport and Synchronization
              Committee, formerly T1X1
       4.4.5. ATIS TMOC - Telecom Management and Operations
              Committee, formerly T1M1 OAM&P
       4.4.6. ATIS WTSC - Wireless Technologies and Systems
              Committee, formerly T1P1
       4.4.7. ATIS PTSC - Packet Technologies and Systems
              Committee, formerly T1S1
       4.4.8. ATIS Protocol Interworking Committee, regarding T1S1
     4.5. CC - Common Criteria
     4.6. DMTF - Distributed Management Task Force, Inc.
     4.7. ETSI - The European Telecommunications Standard Institute
     4.8. GGF - Global Grid Forum
     4.9. IEEE - The Institute of Electrical and Electronics
          Engineers, Inc.
     4.10. IETF - The Internet Engineering Task Force
     4.11. INCITS - InterNational Committee for Information
           Technology Standards
       4.11.1. INCITS Technical Committee T11 - Fibre Channel
               Interfaces
     4.12. ISO - The International Organization for Standardization
     4.13. ITU - International Telecommunication Union
       4.13.1. ITU Telecommunication Standardization Sector - ITU-T
       4.13.2. ITU Radiocommunication Sector - ITU-R
       4.13.3. ITU Telecom Development - ITU-D
     4.14. OASIS - Organization for the Advancement of Structured
           Information Standards
     4.15. OIF - Optical Internetworking Forum
     4.16. NRIC - The Network Reliability and Interoperability
           Council
     4.17. National Security Telecommunications Advisory Committee
           (NSTAC)
     4.18. TIA - The Telecommunications Industry Association
     4.19. TTA - Telecommunications Technology Association
     4.20. The World Wide Web Consortium
     4.21. Web Services Interoperability Organization (WS-I)
   5. Security Best Practices Efforts and Documents
     5.1. 3GPP - TSG SA WG3 (Security)
     5.2. 3GPP2 - TSG-S Working Group 4 (Security)
     5.3. American National Standard T1.276-2003 - Baseline
          Security Requirements for the Management Plane
     5.4. DMTF - Security Protection and Management (SPAM)
          Working Group
     5.5. DMTF - User and Security Working Group
     5.6. ATIS Work-Plan to Achieve Interoperable, Implementable,
          End-To-End Standards and Solutions
       5.6.1. ATIS Work on Packet Filtering
     5.7. ATIS Work on the NGN
     5.8. Common Criteria
     5.9. ETSI
     5.10. GGF Security Area (SEC)
     5.11. Information System Security Assurance Architecture
     5.12. Operational Security Requirements for IP Network
           Infrastructure : Advanced Requirements
     5.13. INCITS CS1 - Cyber Security
     5.14. ISO Guidelines for the Management of IT Security - GMITS
     5.15. ISO JTC 1/SC 27
     5.16. ITU-T Study Group 2
     5.17. ITU-T Recommendation M.3016
     5.18. ITU-T Recommendation X.805
     5.19. ITU-T Study Group 16
     5.20. ITU-T Study Group 17
     5.21. Catalogue of ITU-T Recommendations related to
           Communications System Security
     5.22. ITU-T Security Manual
     5.23. ITU-T NGN Effort
     5.24. NRIC VI Focus Groups
     5.25. OASIS Security Joint Committee
     5.26. OASIS Security Services (SAML) TC
     5.27. OIF Implementation Agreements
     5.28. TIA
     5.29. WS-I Basic Security Profile
   6. Security Considerations
   7. IANA Considerations
   8. Acknowledgments
   9. Changes from Prior Drafts
   Authors' Addresses
   Intellectual Property and Copyright Statements

1. Introduction

   The Internet is being recognized as a critical infrastructure similar
   in nature to the power grid and a potable water supply. Just like
   those infrastructures, means are needed to provide resiliency and
   adaptability to the Internet so that it remains consistently
   available to the public throughout the world even during times of
   duress or attack. For this reason, many SDOs are developing
   standards with hopes of retaining an acceptable level, or even
   improving this availability, to its users. These SDO efforts usually
   define themselves as "security" efforts. It is the opinion of the
   authors that there are many different definitions of the term
   "security" and it may be applied in many diverse ways. As such, we
   offer no assurance that the term is applied consistently throughout
   this document.

   Many of these SDOs have diverse charters and goals and will take
   entirely different directions in their efforts to provide standards.
   However, even with that, there will be overlaps in their produced
   works.
   If there are overlaps then there is a potential for conflicts and
   confusion. This may result in:

      Vendors of networking equipment who are unsure of which standard
      to follow.

      Purchasers of networking equipment who are unsure of which
      standard will best apply to the needs of their business or
      organization.

      Network Administrators and Operators unsure of which standard to
      follow to attain the best security for their network.

   For these reasons, the authors wish to encourage all SDOs who have an
   interest in producing or in consuming standards relating to good
   security practices to be consistent in their approach and their
   recommendations. In many cases, the authors are aware that the SDOs
   are making good efforts along these lines. However, the authors do
   not participate in all SDO efforts and cannot know everything that is
   happening.

   The OpSec Working Group met at the 61st IETF and agreed that this
   document could be a useful reference in producing the documents
   described in the Working Group Charter. The authors have agreed to
   keep this document current and request that those who read it will
   submit corrections or comments.

   Comments on this document may be addressed to the OpSec Working Group
   or directly to the authors.

      opsec@ops.ietf.org

2. Format of this Document

   The body of this document has three sections.

   The first part of the body of this document, Section 3, contains a
   listing of online glossaries relating to networking and security. It
   is very important that the definitions of words relating to security
   and security events be consistent. Inconsistencies in the usage of
   words across standards are unacceptable, as they would prevent a
   reader of two standards from appropriately relating their
   recommendations.
   The authors of this document have not reviewed the definitions of the
   words in the listed glossaries so can offer no assurance of their
   alignment.

   The second part, Section 4, contains a listing of SDOs that appear to
   be working on security standards.

   The third part, Section 5, lists the documents which have been found
   to offer good practices or recommendations for securing networks and
   networking devices.

3. Online Security Glossaries

   This section contains references to glossaries of network and
   computer security terms.

3.1. ATIS Telecom Glossary 2000

   http://www.atis.org/tg2k/

   Under an approved T1 standards project (T1A1-20), an existing
   5800-entry, search-enabled hypertext telecommunications glossary
   titled Federal Standard 1037C, Glossary of Telecommunication Terms
   was updated and matured into this glossary, T1.523-2001, Telecom
   Glossary 2000. This updated glossary was posted on the Web as an
   American National Standard (ANS).

3.2. Internet Security Glossary - RFC 4949

   http://www.ietf.org/rfc/rfc4949.txt

   This document was originally created as RFC 2828 in May 2000. It was
   revised as RFC 4949 and the document defines itself to be, "an
   internally consistent, complementary set of abbreviations,
   definitions, explanations, and recommendations for use of terminology
   related to information system security."

3.3. Compendium of Approved ITU-T Security Definitions

   http://www.itu.int/itudoc/itu-t/com17/activity/def004.html

   Addendum to the Compendium of the Approved ITU-T Security-related
   Definitions
   http://www.itu.int/itudoc/itu-t/com17/activity/add002.html

   These extensive materials were created from approved ITU-T
   Recommendations with a view toward establishing a common
   understanding and use of security terms within ITU-T.

3.4. Microsoft Solutions for Security Glossary

   http://www.microsoft.com/security/glossary.mspx

   The Microsoft Solutions for Security Glossary was created to explain
   the concepts, technologies, and products associated with computer
   security. This glossary contains several definitions specific to
   Microsoft proprietary technologies and product solutions.

3.5. SANS Glossary of Security Terms

   http://www.sans.org/resources/glossary.php

   The SANS Institute (SysAdmin, Audit, Network, Security) was created
   in 1989 as, "a cooperative research and education organization."
   Updated in May 2003, SANS cites the NSA for their help in creating
   the online glossary of security terms. The SANS Institute is also
   home to many other resources including the SANS Intrusion Detection
   FAQ and the SANS/FBI Top 20 Vulnerabilities List.

3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler

   http://www.garlic.com/~lynn/secure.htm

   Anne and Lynn Wheeler maintain a security taxonomy and glossary with
   terms merged from AFSEC, AJP, CC1, CC2, CC21 (CC site), CIAO, FCv1,
   FFIEC, FJC, FTC, IATF V3 (IATF site), IEEE610, ITSEC, Intel,
   JTC1/SC27 (SC27 site), KeyAll, MSC, NIST 800-30, 800-33, 800-37,
   800-53, 800-61, 800-77, 800-83, FIPS140, NASA, NCSC/TG004, NIAP, NSA
   Intrusion, CNSSI 4009, online security study, RFC1983, RFC2504,
   RFC2647, RFC2828, TCSEC, TDI, and TNI.

4. Standards Developing Organizations

   This section of this document lists the SDOs, or organizations that
   appear to be developing security related standards. These SDOs are
   listed in alphabetical order.

   Note: The authors would appreciate corrections and additions. This
   note will be removed before publication as an RFC.

4.1. 3GPP - Third Generation Partnership Project

   http://www.3gpp.org/

   The 3rd Generation Partnership Project (3GPP) is a collaboration
   agreement formed in December 1998.
   The collaboration agreement is comprised of several
   telecommunications standards bodies which are known as
   "Organizational Partners". The current Organizational Partners
   involved with 3GPP are ARIB, CCSA, ETSI, ATIS, TTA, and TTC.

4.2. 3GPP2 - Third Generation Partnership Project 2

   http://www.3gpp2.org/

   Third Generation Partnership Project 2 (3GPP2) is a collaboration
   among Organizational Partners much like its sister project 3GPP. The
   Organizational Partners (OPs) currently involved with 3GPP2 are ARIB,
   CCSA, TIA, TTA, and TTC. In addition to the OPs, 3GPP2 also welcomes
   the CDMA Development Group and IPv6 Forum as Market Representation
   Partners for market advice.

4.3. ANSI - The American National Standards Institute

   http://www.ansi.org/

   ANSI is a private, non-profit organization that organizes and
   oversees the U.S. voluntary standardization and conformity assessment
   system. ANSI was founded October 19, 1918.

4.3.1. Accredited Standards Committee X9 (ASC X9)

   http://www.x9.org/

   The Accredited Standards Committee X9 (ASC X9) has the mission to
   develop, establish, maintain, and promote standards for the Financial
   Services Industry in order to facilitate delivery of financial
   services and products.

4.4. ATIS - Alliance for Telecommunications Industry Solutions

   http://www.atis.org/

   ATIS is a United States based body that is committed to rapidly
   developing and promoting technical and operations standards for the
   communications and related information technologies industry
   worldwide using a pragmatic, flexible and open approach. Committee T1
   as a group no longer exists as a result of the recent ATIS
   reorganization on January 1, 2004. ATIS has restructured the former
   T1 technical subcommittees into full ATIS standards committees to
   easily identify and promote the nature of standards work each
   committee performs.
   Due to the reorganization, some groups may have a new mission and
   scope statement.

4.4.1. ATIS NIPP - Network Interface, Power, and Protection Committee,
       formerly T1E1

   http://www.atis.org/0050/index.asp

   ATIS Network Interface, Power, and Protection Committee develops and
   recommends standards and technical reports related to power systems,
   electrical and physical protection for the exchange and interexchange
   carrier networks, and interfaces associated with user access to
   telecommunications networks.

4.4.2. ATIS NPRQ - Network Performance, Reliability, and Quality of
       Service Committee, formerly T1A1

   http://www.atis.org/0010/index.asp

   ATIS Network Performance, Reliability and Quality of Service
   Committee develops and recommends standards, requirements, and
   technical reports related to the performance, reliability, and
   associated security aspects of communications networks, as well as
   the processing of voice, audio, data, image, and video signals, and
   their multimedia integration.

4.4.3. ATIS OBF - Ordering and Billing Forum, formerly regarding T1M1
       O&B

   http://www.atis.org/obf/index.asp

   The T1M1 O&B subcommittee has become part of the ATIS Ordering and
   Billing Forum.

   The ATIS-sponsored Ordering and Billing Forum (OBF) provides a forum
   for customers and providers in the telecommunications industry to
   identify, discuss and resolve national issues which affect ordering,
   billing, provisioning and exchange of information about access
   services, other connectivity and related matters.

4.4.4. ATIS OPTXS - Optical Transport and Synchronization Committee,
       formerly T1X1

   http://www.atis.org/0240/index.asp

   ATIS Optical Transport and Synchronization Committee develops and
   recommends standards and prepares technical reports related to
   telecommunications network technology pertaining to network
   synchronization interfaces and hierarchical structures including
   optical technology.

4.4.5. ATIS TMOC - Telecom Management and Operations Committee,
       formerly T1M1 OAM&P

   http://www.atis.org/0130/index.asp

   ATIS Telecom Management and Operations Committee develops
   internetwork operations, administration, maintenance and provisioning
   standards, and technical reports related to interfaces for
   telecommunications networks.

4.4.6. ATIS WTSC - Wireless Technologies and Systems Committee,
       formerly T1P1

   http://www.atis.org/0160/index.asp

   ATIS Wireless Technologies and Systems Committee develops and
   recommends standards and technical reports related to wireless and/or
   mobile services and systems, including service descriptions and
   wireless technologies.

4.4.7. ATIS PTSC - Packet Technologies and Systems Committee, formerly
       T1S1

   http://www.atis.org/0191/index.asp

   T1S1 was split into two separate ATIS committees: the ATIS Packet
   Technologies and Systems Committee and the ATIS Protocol Interworking
   Committee. PTSC is responsible for producing standards to secure
   signalling.

   The basic document is PTSC-SEC-2005-059.doc which is in Letter Ballot
   at this time. It is expected to move to an ANSI standard.

4.4.8. ATIS Protocol Interworking Committee, regarding T1S1

   T1S1 was split into two separate ATIS committees: the ATIS Packet
   Technologies and Systems Committee and the ATIS Protocol Interworking
   Committee. As a result of the reorganization of T1S1, these groups
   will also probably have a new mission and scope.

4.5. CC - Common Criteria

   http://www.commoncriteriaportal.org/

   In June 1993, the sponsoring organizations of the existing US,
   Canadian, and European criteria (TCSEC, ITSEC, and similar) started
   the Common Criteria Project to align their separate criteria into a
   single set of IT security criteria.

4.6. DMTF - Distributed Management Task Force, Inc.

   http://www.dmtf.org/

   Founded in 1992, the DMTF brings the technology industry's customers
   and top vendors together in a collaborative, working group approach
   that involves DMTF members in all aspects of specification
   development and refinement.

4.7. ETSI - The European Telecommunications Standard Institute

   http://www.etsi.org/

   ETSI is an independent, non-profit organization which produces
   telecommunications standards. ETSI is based in Sophia-Antipolis in
   the south of France and maintains a membership from 55 countries.

   Joint work between ETSI and ITU-T SG-17

   http://www.tta.or.kr/gsc/upload/GSC9_Joint_011_Security_Standardization_in_ITU.ppt

4.8. GGF - Global Grid Forum

   http://www.gridforum.org/

   The Global Grid Forum (GGF) is a community-initiated forum of
   thousands of individuals from industry and research leading the
   global standardization effort for grid computing. GGF's primary
   objectives are to promote and support the development, deployment,
   and implementation of grid technologies and applications via the
   creation and documentation of "best practices" - technical
   specifications, user experiences, and implementation guidelines.

4.9. IEEE - The Institute of Electrical and Electronics Engineers, Inc.

   http://www.ieee.org/

   IEEE is a non-profit, professional association of more than 360,000
   individual members in approximately 175 countries.
   The IEEE produces 30 percent of the world's published literature in
   electrical engineering, computers, and control technology through its
   technical publishing, conferences, and consensus-based standards
   activities.

4.10. IETF - The Internet Engineering Task Force

   http://www.ietf.org/

   IETF is a large, international community open to any interested
   individual concerned with the evolution of the Internet architecture
   and the smooth operation of the Internet.

4.11. INCITS - InterNational Committee for Information Technology
      Standards

   http://www.incits.org/

   INCITS focuses upon standardization in the field of Information and
   Communications Technologies (ICT), encompassing storage, processing,
   transfer, display, management, organization, and retrieval of
   information.

4.11.1. INCITS Technical Committee T11 - Fibre Channel Interfaces

   http://www.t11.org/index.htm

   T11 is responsible for standards development in the areas of
   Intelligent Peripheral Interface (IPI), High-Performance Parallel
   Interface (HIPPI) and Fibre Channel (FC). T11 has a project called
   FC-SP to define Security Protocols for Fibre Channel.

   FC-SP Project Proposal:
   ftp://ftp.t11.org/t11/admin/project_proposals/02-036v2.pdf

4.12. ISO - The International Organization for Standardization

   http://www.iso.org/

   ISO is a network of the national standards institutes of 148
   countries, on the basis of one member per country, with a Central
   Secretariat in Geneva, Switzerland, that coordinates the system. ISO
   officially began operations on February 23, 1947.

4.13. ITU - International Telecommunication Union

   http://www.itu.int/

   The ITU is an international organization within the United Nations
   System headquartered in Geneva, Switzerland. The ITU is comprised of
   three sectors:

4.13.1. ITU Telecommunication Standardization Sector - ITU-T

   http://www.itu.int/ITU-T/

   ITU-T's mission is to ensure an efficient and on-time production of
   high quality standards covering all fields of telecommunications.

4.13.2. ITU Radiocommunication Sector - ITU-R

   http://www.itu.int/ITU-R/

   The ITU-R plays a vital role in the management of the radio-frequency
   spectrum and satellite orbits.

4.13.3. ITU Telecom Development - ITU-D

   (also referred to as ITU Telecommunication Development Bureau - BDT)

   http://www.itu.int/ITU-D/

   The Telecommunication Development Bureau (BDT) is the executive arm
   of the Telecommunication Development Sector. Its duties and
   responsibilities cover a variety of functions ranging from programme
   supervision and technical advice to the collection, processing and
   publication of information relevant to telecommunication development.

4.14. OASIS - Organization for the Advancement of Structured
      Information Standards

   http://www.oasis-open.org/

   OASIS is a not-for-profit, international consortium that drives the
   development, convergence, and adoption of e-business standards.

4.15. OIF - Optical Internetworking Forum

   http://www.oiforum.com/

   On April 20, 1998 Cisco Systems and Ciena Corporation announced an
   industry-wide initiative to create the Optical Internetworking Forum,
   an open forum focused on accelerating the deployment of optical
   internetworks.

4.16. NRIC - The Network Reliability and Interoperability Council

   http://www.nric.org/

   The purposes of the Committee are to give telecommunications industry
   leaders the opportunity to provide recommendations to the FCC and to
   the industry that assure optimal reliability and interoperability of
   telecommunications networks. The Committee addresses topics in the
   area of Homeland Security, reliability, interoperability, and
   broadband deployment.

4.17. National Security Telecommunications Advisory Committee (NSTAC)

   http://www.ncs.gov/nstac/nstac.html

   President Ronald Reagan created the National Security
   Telecommunications Advisory Committee (NSTAC) by Executive Order
   12382 in September 1982. Since then, the NSTAC has served four
   presidents. Composed of up to 30 industry chief executives
   representing the major communications and network service providers
   and information technology, finance, and aerospace companies, the
   NSTAC provides industry-based advice and expertise to the President
   on issues and problems related to implementing national security and
   emergency preparedness (NS/EP) communications policy. Since its
   inception, the NSTAC has addressed a wide range of policy and
   technical issues regarding communications, information systems,
   information assurance, critical infrastructure protection, and other
   NS/EP communications concerns.

4.18. TIA - The Telecommunications Industry Association

   http://www.tiaonline.org/

   TIA is accredited by ANSI to develop voluntary industry standards for
   a wide variety of telecommunications products. TIA's Standards and
   Technology Department is composed of five divisions: Fiber Optics,
   User Premises Equipment, Network Equipment, Wireless Communications
   and Satellite Communications.

4.19. TTA - Telecommunications Technology Association

   http://www.tta.or.kr/Home2003/main/index.jsp
   http://www.tta.or.kr/English/new/main/index.htm (English)

   TTA (Telecommunications Technology Association) is an IT standards
   organization that develops new standards and provides one-stop
   services for the establishment of IT standards as well as providing
   testing and certification for IT products.

4.20. The World Wide Web Consortium

   http://www.w3.org/Consortium/

   The World Wide Web Consortium (W3C) is an international consortium
   where Member organizations, a full-time staff, and the public work
   together to develop Web standards. W3C's mission is: To lead the
   World Wide Web to its full potential by developing protocols and
   guidelines that ensure long-term growth for the Web.

   The security work within the W3C

   http://www.w3.org/Security/Activity

4.21. Web Services Interoperability Organization (WS-I)

   http://www.ws-i.org/

   WS-I is an open, industry organization chartered to promote Web
   services interoperability across platforms, operating systems, and
   programming languages. The organization works across the industry
   and standards organizations to respond to customer needs by providing
   guidance, best practices, and resources for developing Web services
   solutions.

5. Security Best Practices Efforts and Documents

   This section lists the works produced by the SDOs.

5.1. 3GPP - TSG SA WG3 (Security)

   http://www.3gpp.org/TB/SA/SA3/SA3.htm

   TSG SA WG3 Security is responsible for the security of the 3GPP
   system, performing analyses of potential security threats to the
   system, considering the new threats introduced by the IP based
   services and systems and setting the security requirements for the
   overall 3GPP system.

   Specifications:
   http://www.3gpp.org/ftp/Specs/html-info/TSG-WG--S3.htm

   Work Items:
   http://www.3gpp.org/ftp/Specs/html-info/TSG-WG--s3--wis.htm

   3GPP Confidentiality and Integrity algorithms:
   http://www.3gpp.org/TB/Other/algorithms.htm

5.2. 3GPP2 - TSG-S Working Group 4 (Security)

   http://www.3gpp2.org/Public_html/S/index.cfm

   The Services and Systems Aspects TSG (TSG-S) is responsible for the
   development of service capability requirements for systems based on
   3GPP2 specifications.
Among its responsibilities TSG-S is addressing
689 management, technical coordination, as well as architectural and
690 requirements development associated with all end-to-end features,
691 services and system capabilities including, but not limited to,
692 security and QoS.

694 TSG-S Specifications:
695 http://www.3gpp2.org/Public_html/specs/index.cfm#tsgs

697 5.3. American National Standard T1.276-2003 - Baseline Security
698 Requirements for the Management Plane

700 Abstract: This standard contains a set of baseline security
701 requirements for the management plane. The President's National
702 Security Telecommunications Advisory Committee Network Security
703 Information Exchange (NSIE) and Government NSIE jointly established a
704 Security Requirements Working Group (SRWG) to examine the security
705 requirements for controlling access to the public switched network,
706 in particular with respect to the emerging next generation network.

708 In the telecommunications industry, this access incorporates
709 operation, administration, maintenance, and provisioning for network
710 elements and various supporting systems and databases. Members of
711 the SRWG, from a cross-section of telecommunications carriers and
712 vendors, developed an initial list of security requirements that
713 would allow vendors, government departments and agencies, and service
714 providers to implement a secure telecommunications network management
715 infrastructure. This initial list of security requirements was
716 submitted as a contribution to Committee T1 - Telecommunications,
717 Working Group T1M1.5 for consideration as a standard. The
718 requirements outlined in this document will allow vendors, government
719 departments and agencies, and service providers to implement a secure
720 telecommunications network management infrastructure.

722 Documents:
723 http://webstore.ansi.org/ansidocstore/product.asp?sku=T1%2E276%2D2003

725 5.4.
DMTF - Security Protection and Management (SPAM) Working Group

727 http://www.dmtf.org/about/committees/spamWGCharter.pdf

729 The Working Group will define a CIM Common Model that addresses
730 security protection and detection technologies, which may include
731 devices and services, and classifies security information, attacks,
732 and responses.

734 5.5. DMTF - User and Security Working Group

736 http://www.dmtf.org/about/committees/userWGCharter.pdf

738 The User and Security Working Group defines objects and access
739 methods required for principals - where principals include users,
740 groups, software agents, systems, and organizations.

742 5.6. ATIS Work-Plan to Achieve Interoperable, Implementable, End-To-End
743 Standards and Solutions

745 ftp://ftp.t1.org/T1M1/NEW-T1M1.0/3M101940.pdf

747 The ATIS TOPS Security Focus Group has made recommendations on work
748 items needed to be performed by other SDOs.

750 5.6.1. ATIS Work on Packet Filtering

752 A part of the ATIS Work Plan was to define how disruptions may be
753 prevented by filtering unwanted traffic at the edges of the network.
754 ATIS is developing this work in a document titled, "Traffic Filtering
755 for the Prevention of Unwanted Traffic".

757 5.7. ATIS Work on the NGN

759 http://www.atis.org/tops/WebsiteDocuments/NGN/Working%20Docs/
760 Part%20I/ATIS_NGN_Part_1_Issue1.pdf

762 In November 2004, ATIS released Part I of the ATIS NGN-FG efforts
763 entitled, "ATIS Next Generation Network (NGN) Framework Part I: NGN
764 Definitions, Requirements, and Architecture, Issue 1.0, November
765 2004."

767 5.8. Common Criteria

769 http://www.commoncriteriaportal.org/

771 Version 1.0 of the CC was completed in January 1996. Based on a
772 number of trial evaluations and an extensive public review, Version
773 1.0 was extensively revised and CC Version 2.0 was produced in April
774 of 1998. This became ISO International Standard 15408 in 1999.
The
775 CC Project subsequently incorporated the minor changes that had
776 resulted in the ISO process, producing CC version 2.1 in August 1999.
777 Version 3.0 was published in June 2005 and is available for comment.

779 The official version of the Common Criteria and of the Common
780 Evaluation Methodology is v2.3 which was published in August 2005.

782 All Common Criteria publications contain:

784 Part 1: Introduction and general model

786 Part 2: Security functional components

788 Part 3: Security assurance components

790 Documents: Common Criteria V2.3
791 http://www.commoncriteriaportal.org/public/expert/index.php?menu=2

793 5.9. ETSI

795 http://www.etsi.org/

797 The ETSI hosted the ETSI Global Security Conference in late November,
798 2003, which could lead to a standard.

800 Groups related to security located from the ETSI Groups Portal:

802 OCG Security
803 3GPP SA3

805 TISPAN WG7

807 5.10. GGF Security Area (SEC)

809 https://forge.gridforum.org/projects/sec/

811 The Security Area (SEC) is concerned with various issues relating to
812 authentication and authorization in Grid environments.

814 Working groups:

816 Authorization Frameworks and Mechanisms WG (AuthZ-WG) -
817 https://forge.gridforum.org/projects/authz-wg

819 Certificate Authority Operations Working Group (CAOPS-WG) -
820 https://forge.gridforum.org/projects/caops-wg

822 OGSA Authorization Working Group (OGSA-AUTHZ) -
823 https://forge.gridforum.org/projects/ogsa-authz

825 Grid Security Infrastructure (GSI-WG) -
826 https://forge.gridforum.org/projects/gsi-wg

828 5.11.
Information System Security Assurance Architecture

830 IEEE Working Group - http://issaa.org/

832 Formerly the Security Certification and Accreditation of Information
833 Systems (SCAISWG), IEEE Project 1700's purpose is to develop a draft
834 Standard for Information System Security Assurance Architecture for
835 ballot and during the process begin development of a suite of
836 associated standards for components of that architecture.

838 Documents: http://issaa.org/documents/index.html

840 5.12. Operational Security Requirements for IP Network Infrastructure :
841 Advanced Requirements

843 IETF RFC 3871

845 Abstract: This document defines a list of operational security
846 requirements for the infrastructure of large ISP IP networks (routers
847 and switches). A framework is defined for specifying "profiles",
848 which are collections of requirements applicable to certain network
849 topology contexts (all, core-only, edge-only...). The goal is to
850 provide network operators a clear, concise way of communicating their
851 security requirements to vendors.

853 Documents:

855 ftp://ftp.rfc-editor.org/in-notes/rfc3871.txt

857 5.13. INCITS CS1 - Cyber Security

859 http://cs1.incits.org/

861 INCITS/CS1 was established in April 2005 to serve as the US TAG for
862 ISO/IEC JTC 1/SC 27 and all SC 27 Working Groups except WG 2
863 (INCITS/T4 serves as the US TAG to SC 27/WG 2).

865 The scope of CS1 explicitly excludes the areas of work on cyber
866 security standardization presently underway in INCITS B10, M1 and T3;
867 as well as other standard groups, such as ATIS, IEEE, IETF, TIA, and
868 X9. INCITS T4's area of work would be narrowed to cryptography
869 projects in ISO/IEC JTC 1/SC 27 WG 2 (Security techniques and
870 mechanisms).

872 5.14.
ISO Guidelines for the Management of IT Security - GMITS

874 Guidelines for the Management of IT Security -- Part 1: Concepts and
875 models for IT Security

877 http://www.iso.ch/iso/en/
878 CatalogueDetailPage.CatalogueDetail?CSNUMBER=21733&ICS1=35

880 Guidelines for the Management of IT Security -- Part 2: Managing and
881 planning IT Security

883 http://www.iso.org/iso/en/
884 CatalogueDetailPage.CatalogueDetail?CSNUMBER=21755&ICS1=35&ICS2=40&
885 ICS3=

887 Guidelines for the Management of IT Security -- Part 3: Techniques
888 for the management of IT Security

890 http://www.iso.org/iso/en/
891 CatalogueDetailPage.CatalogueDetail?CSNUMBER=21756&ICS1=35&ICS2=40&
892 ICS3=

894 Guidelines for the Management of IT Security -- Part 4: Selection of
895 safeguards

897 http://www.iso.org/iso/en/
898 CatalogueDetailPage.CatalogueDetail?CSNUMBER=29240&ICS1=35&ICS2=40&
899 ICS3=

901 Guidelines for the Management of IT Security - Part 5: Management
902 guidance on network security

904 http://www.iso.org/iso/en/
905 CatalogueDetailPage.CatalogueDetail?CSNUMBER=31142&ICS1=35&ICS2=40&
906 ICS3=

908 Open Systems Interconnection -- Network layer security protocol

910 http://www.iso.org/iso/en/
911 CatalogueDetailPage.CatalogueDetail?CSNUMBER=22084&ICS1=35&ICS2=100&
912 ICS3=30

914 5.15.
ISO JTC 1/SC 27

916 http://www.iso.ch/iso/en/stdsdevelopment/techprog/workprog/
917 TechnicalProgrammeSCDetailPage.TechnicalProgrammeSCDetail?COMMID=143

919 Several security related ISO projects under JTC 1/SC 27 are listed
920 here such as:

922 IT security techniques -- Entity authentication

924 Security techniques -- Key management

926 Security techniques -- Evaluation criteria for IT security

928 Security techniques -- A framework for IT security assurance

930 IT Security techniques -- Code of practice for information
931 security management

933 Security techniques -- IT network security

935 Guidelines for the implementation, operation and management of
936 Intrusion Detection Systems (IDS)

938 International Security, Trust, and Privacy Alliance -- Privacy
939 Framework

941 5.16. ITU-T Study Group 2

943 http://www.itu.int/ITU-T/studygroups/com02/index.asp

945 Security related recommendations currently under study:

947 E.408 Telecommunication networks security requirements Q.5/2 (was
948 E.sec1)

950 E.409 Incident Organisation and Security Incident Handling Q.5/2
951 (was E.sec2)

953 Note: Access requires TIES account.

955 5.17. ITU-T Recommendation M.3016

957 http://www.itu.int/itudoc/itu-t/com4/contr/068.html

959 This recommendation provides an overview and framework that
960 identifies the security requirements of a TMN and outlines how
961 available security services and mechanisms can be applied within the
962 context of the TMN functional architecture.

964 Question 18 of Study Group 3 is revising Recommendation M.3016. They
965 have taken the original document and are incorporating thoughts from
966 ITU-T Recommendation X.805 and from ANSI T1.276-2003. The group has
967 produced a new series of documents.

969 M.3016.0 - Overview

971 M.3016.1 - Requirements

973 M.3016.2 - Services

975 M.3016.3 - Mechanisms

977 M.3016.4 - Profiles

979 5.18.
ITU-T Recommendation X.805

981 http://www.itu.int/itudoc/itu-t/aap/sg17aap/history/x805/x805.html

983 This Recommendation defines the general security-related
984 architectural elements that, when appropriately applied, can provide
985 end-to-end network security.

987 5.19. ITU-T Study Group 16

989 http://www.itu.int/ITU-T/studygroups/com16/index.asp

991 Multimedia Security in Next-Generation Networks (NGN-MM-SEC)

993 http://www.itu.int/ITU-T/studygroups/com16/sg16-q25.html

995 5.20. ITU-T Study Group 17

997 http://www.itu.int/ITU-T/studygroups/com17/index.asp

999 ITU-T Study Group 17 is the Lead Study Group on Communication System
1000 Security

1002 http://www.itu.int/ITU-T/studygroups/com17/cssecurity.html

1004 Study Group 17 Security Project:

1006 http://www.itu.int/ITU-T/studygroups/com17/security/index.html

1008 During its November 2002 meeting, Study Group 17 agreed to establish
1009 a new project entitled "Security Project" under the leadership of
1010 Q.10/17 to coordinate the ITU-T standardization effort on security.
1011 An analysis of the status on ITU-T Study Group action on information
1012 and communication network security may be found in TSB Circular 147
1013 of 14 February 2003.

1015 5.21. Catalogue of ITU-T Recommendations related to Communications
1016 System Security

1018 http://www.itu.int/itudoc/itu-t/com17/activity/cat004.html

1020 The Catalogue of the approved security Recommendations includes those
1021 designed for security purposes and those which describe or use
1022 functions of security interest and need. Although some of the
1023 security related Recommendations include the phrase "Open Systems
1024 Interconnection", much of the information contained in them is
1025 pertinent to the establishment of security functionality in any
1026 communicating system.

1028 5.22.
ITU-T Security Manual

1030 http://www.itu.int/ITU-T/edh/files/security-manual.pdf

1032 TSB is preparing an "ITU-T Security Manual" to provide an overview on
1033 security in telecommunications and information technologies, describe
1034 practical issues, and indicate how the different aspects of security
1035 in today's applications are addressed by ITU-T Recommendations. This
1036 manual has a tutorial character: it collects security related
1037 material from ITU-T Recommendations into one place and explains the
1038 respective relationships. The intended audience for this manual are
1039 engineers and product managers, students and academia, as well as
1040 regulators who want to better understand security aspects in
1041 practical applications.

1043 5.23. ITU-T NGN Effort

1045 http://www.itu.int/ITU-T/2001-2004/com13/ngn2004/index.html

1047 During its January 2002 meeting, SG13 decided to undertake the
1048 preparation of a new ITU-T Project entitled "NGN 2004 Project". At
1049 the November 2002 SG13 meeting, a preliminary description of the
1050 Project was achieved and endorsed by SG13 with the goal to launch the
1051 Project. It has been regularly updated since then.

1053 The role of the NGN 2004 Project is to organize and to coordinate
1054 ITU-T activities on Next Generation Networks. Its target is to
1055 produce a first set of Recommendations on NGN by the end of this
1056 study period, i.e. mid-2004.

1058 5.24. NRIC VI Focus Groups

1060 http://www.nric.org/fg/index.html

1062 The Network Reliability and Interoperability Council (NRIC) was
1063 formed with the purpose to provide recommendations to the FCC and to
1064 the industry to assure the reliability and interoperability of
1065 wireless, wireline, satellite, and cable public telecommunications
1066 networks.
These documents provide general information and guidance
1067 on NRIC Focus Group 1B (Cybersecurity) Best Practices for the
1068 prevention of cyberattack and for restoration following a
1069 cyberattack.

1071 Documents:

1073 Homeland Defense - Recommendations Published 14-Mar-03

1075 Preventative Best Practices - Recommendations Published 14-Mar-03

1077 Recovery Best Practices - Recommendations Published 14-Mar-03

1079 Best Practice Appendices - Recommendations Published 14-Mar-03

1081 5.25. OASIS Security Joint Committee

1083 http://www.oasis-open.org/committees/
1084 tc_home.php?wg_abbrev=security-jc

1086 The purpose of the Security JC is to coordinate the technical
1087 activities of multiple security related TCs. The SJC is advisory
1088 only, and has no deliverables. The Security JC will promote the use
1089 of consistent terms, promote re-use, champion an OASIS security
1090 standards model, provide consistent PR, and promote mutuality,
1091 operational independence and ethics.

1093 5.26. OASIS Security Services (SAML) TC

1095 http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security

1097 The Security Services TC is working to advance the Security Assertion
1098 Markup Language (SAML) as an OASIS standard. SAML is an XML
1099 framework for exchanging authentication and authorization
1100 information.

1102 5.27. OIF Implementation Agreements

1104 The OIF has 2 approved Implementation Agreements (IAs) relating to
1105 security. They are:

1107 OIF-SMI-01.0 - Security Management Interfaces to Network Elements

1109 This Implementation Agreement lists objectives for securing OAM&P
1110 interfaces to a Network Element and then specifies ways of using
1111 security systems (e.g., IPsec or TLS) for securing these interfaces.
1112 It summarizes how well each of the systems, used as specified,
1113 satisfies the objectives.

1115 OIF - SEP - 01.1 - Security Extension for UNI and NNI

1117 This Implementation Agreement defines a common Security Extension for
1118 securing the protocols used in UNI 1.0, UNI 2.0, and NNI.

1120 Documents: http://www.oiforum.com/public/documents/Security-IA.pdf

1122 5.28. TIA

1124 The TIA has produced the "Compendium of Emergency Communications and
1125 Communications Network Security-related Work Activities". This
1126 document identifies standards, or other technical documents and
1127 ongoing Emergency/Public Safety Communications and Communications
1128 Network Security-related work activities within TIA and its
1129 Engineering Committees. Many P25 documents are specifically
1130 detailed. This "living document" is presented for information,
1131 coordination and reference.

1133 Documents: http://www.tiaonline.org/standards/technology/ciphs/
1134 documents/EMTEL_sec.pdf

1136 5.29. WS-I Basic Security Profile

1138 http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html

1140 The WS-I Basic Security Profile 1.0 consists of a set of non-
1141 proprietary Web services specifications, along with clarifications
1142 and amendments to those specifications which promote
1143 interoperability.

1145 6. Security Considerations

1147 This document describes efforts to standardize security practices and
1148 documents. As such this document offers no security guidance
1149 whatsoever.

1151 Readers of this document should be aware of the date of publication
1152 of this document. It is feared that they may assume that the
1153 efforts, on-line material, and documents are current whereas they may
1154 not be. Please consider this when reading this document.

1156 7. IANA Considerations

1158 This document does not propose a standard and does not require the
1159 IANA to do anything.

1161 8. Acknowledgments

1163 The following people have contributed to this document.
Listing
1164 their names here does not mean that they endorse the document, but
1165 that they have contributed to its substance.

1167 David Black, Mark Ellison, George Jones, Keith McCloghrie, John
1168 McDonough, Art Reilly, Chip Sharp, Dane Skow, Michael Hammer, Bruce
1169 Moon.

1171 9. Changes from Prior Drafts

1173 -00 : Initial draft published as draft-lonvick-sec-efforts-01.txt

1175 -01 : Security Glossaries:

1177 Added ATIS Telecom Glossary 2000, Critical Infrastructure
1178 Glossary of Terms and Acronyms, Microsoft Solutions for
1179 Security Glossary, and USC InfoSec Glossary.

1181 Standards Developing Organizations:

1183 Added DMTF, GGF, INCITS, OASIS, and WS-I

1185 Removal of Committee T1 and modifications to ATIS and former T1
1186 technical subcommittees due to the recent ATIS reorganization.

1188 Efforts and Documents:

1190 Added DMTF User and Security WG, DMTF SPAM WG, GGF Security
1191 Area (SEC), INCITS Technical Committee T4 - Security
1192 Techniques, INCITS Technical Committee T11 - Fibre Channel
1193 Interfaces, ISO JTC 1/SC 27 projects, OASIS Security Joint
1194 Committee, OASIS Security Services TC, and WS-I Basic Security
1195 Profile.

1197 Updated Operational Security Requirements for IP Network
1198 Infrastructure : Advanced Requirements.

1200 -00 : as the WG ID

1202 Added more information about the ITU-T SG3 Q18 effort to modify
1203 ITU-T Recommendation M.3016.

1205 -01 : First revision as the WG ID.

1207 Added information about the NGN in the sections about ATIS, the
1208 NSTAC, and ITU-T.

1210 -02 : Second revision as the WG ID.

1212 Updated the date.

1214 Corrected some URLs and the reference to George's RFC.

1216 -03 : Third revision of the WG ID.

1218 Updated the date.

1220 Updated the information about the CC

1222 Added a Conventions section (not sure how this document got to
1223 where it is without that)

1225 -04 : Fourth revision of the WG ID.

1227 Updated the date.

1229 Added Anne & Lynn Wheeler Taxonomy & Security Glossary

1231 CIAO glossary removed. CIAO has been absorbed by DHS and the
1232 glossary is no longer available.

1234 USC glossary removed, could not find it on the site or a reference
1235 to it elsewhere.

1237 Added TTA - Telecommunications Technology Association to SDO
1238 section.

1240 Removed ATIS Security & Emergency Preparedness Activities from
1241 Documents section. Could not find it or a reference to it.

1243 INCITS T4 incorporated into CS1 - T4 section removed

1245 X9 Added to SDO list under ANSI

1247 Various link or grammar fixes.

1249 -05 : Fifth revision of the WG ID.

1251 Updated the date.

1253 Removed the 2119 definitions; this is an informational document.

1255 -06 : Sixth revision of the WG ID.

1257 Updated the date.

1259 Added W3C information.

1261 -07 : Seventh revision of the WG ID.

1263 Updated the date.

1265 -08 : Eighth revision of the WG ID.

1267 Updated the reference to RFC 4949, found by Stephen Kent.

1269 -09 : Ninth revision of the WG ID.

1271 Updated the date.

1273 Note: This section will be removed before publication as an RFC.

1275 Authors' Addresses

1277 Chris Lonvick
1278 Cisco Systems
1279 12515 Research Blvd.
1280 Austin, Texas 78759
1281 US

1283 Phone: +1 512 378 1182
1284 Email: clonvick@cisco.com

1286 David Spak
1287 Cisco Systems
1288 12515 Research Blvd.
1289 Austin, Texas 78759
1290 US

1292 Phone: +1 512 378 1720
1293 Email: dspak@cisco.com

1295 Full Copyright Statement

1297 Copyright (C) The IETF Trust (2008).

1299 This document is subject to the rights, licenses and restrictions
1300 contained in BCP 78, and except as set forth therein, the authors
1301 retain all their rights.

1303 This document and the information contained herein are provided on an
1304 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1305 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
1306 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
1307 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
1308 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1309 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

1311 Intellectual Property

1313 The IETF takes no position regarding the validity or scope of any
1314 Intellectual Property Rights or other rights that might be claimed to
1315 pertain to the implementation or use of the technology described in
1316 this document or the extent to which any license under such rights
1317 might or might not be available; nor does it represent that it has
1318 made any independent effort to identify any such rights. Information
1319 on the procedures with respect to rights in RFC documents can be
1320 found in BCP 78 and BCP 79.

1322 Copies of IPR disclosures made to the IETF Secretariat and any
1323 assurances of licenses to be made available, or the result of an
1324 attempt made to obtain a general license or permission for the use of
1325 such proprietary rights by implementers or users of this
1326 specification can be obtained from the IETF on-line IPR repository at
1327 http://www.ietf.org/ipr.

1329 The IETF invites any interested party to bring to its attention any
1330 copyrights, patents or patent applications, or other proprietary
1331 rights that may cover technology that may be required to implement
1332 this standard. Please address the information to the IETF at
1333 ietf-ipr@ietf.org.