Skip to main content

Operational Security Capabilities for IP Network Infrastructure

Document Charter Operational Security Capabilities for IP Network Infrastructure WG (opsec)
Title Operational Security Capabilities for IP Network Infrastructure
Last updated 2018-01-30
State Approved
WG State Active
IESG Responsible AD Warren "Ace" Kumari
Charter edit AD Warren "Ace" Kumari
Send notices to (None)


The OPSEC WG will document operational issues and best current practices 
with regard to network security. In particular, the working group will 
clarify the rationale of supporting current operational practice, 
addressing gaps in currently understood best practices and clarifying 
liabilities inherent in security practices where they exist.


The scope of the OPSEC WG includes the protection and secure operation 
of the forwarding, control and management planes. Documentation of 
operational issues, revision of existing operational security practices 
documents and proposals for new approaches to operational challenges 
related to network security are in scope.


The work will result in the publication of informational or BCP RFCs. 
Taxonomy or problem statement documents may provide a basis for such 

Informational or Best Current Practices Documents

For each topic addressed, the working group will produce a document that
captures common practices related to secure network operation. This will 
be primarily based on operational experience. A document might convey:

* a threat or threats to be addressed

* current practices for addressing the threat

* protocols, tools and technologies extant at the time of writing that 
are used to address the threat

* the possibility that a solution does not exist within existing tools 
or technologies

Taxonomy and Problem Statement Documents

These are documents that describe the scope of particular operational 
security challenges or problem spaces without necessarily coming to 
conclusions or proposing solutions. Such a document might be the 
precursor to an informational or best current practices document.

While the principal input of the working group is operational experience 
and needs, the output should be directed towards providing guidance to 
the operators community, other working groups that develop protocols or 
the protocol development community.


The OPSEC WG is will not write or modify protocols. New protocol work 
must be addressed through a working group chartered for that work, or 
via one of the individual submission processes. The OPSEC WG may take on 
documents related to the practices of using such work.