Security Automation and Continuous Monitoring
charter-ietf-sacm-03
Yes
(Kathleen Moriarty)
No Objection
(Adam Roach)
(Alia Atlas)
(Alissa Cooper)
(Deborah Brungard)
Abstain
- Ready for external review (00-04)
- Approve (00-13)
- Ready for external review (01-00)
- Approve (02-00)
- Ready for external review (02-00)
- Approve (02-02)
Note: This ballot was opened for revision 02-00 and is now closed.
Ballot question: "Is this charter ready for external review?"
Kathleen Moriarty Former IESG member
Yes
Yes
(for -02-00)
Unknown
Adam Roach Former IESG member
No Objection
No Objection
(for -02-01)
Unknown
Alexey Melnikov Former IESG member
No Objection
No Objection
(2017-11-11 for -02-00)
Unknown
"IETF NEA" probably needs a reference to somebody not familiar with the field.
Alia Atlas Former IESG member
No Objection
No Objection
(for -02-00)
Unknown
Alissa Cooper Former IESG member
No Objection
No Objection
(for -02-00)
Unknown
Ben Campbell Former IESG member
No Objection
No Objection
(2017-11-16 for -02-01)
Unknown
Thanks for resolving my earlier comments. This version looks better. The last paragraph of section A. seems to have a cut-and-paste error in the first sentence.
Benoît Claise Former IESG member
No Objection
No Objection
(2017-11-11 for -02-00)
Unknown
The charter is very generic and broad: model, collection, evaluation, orchestration and communication, control plane, a criteria language. I provided feedback to SACM a few times. I trust the responsible AD to do the right thing. I wonder why you impose CBOR in the charter. Can we get the milestones please. Regards, Benoit.
Deborah Brungard Former IESG member
No Objection
No Objection
(for -02-00)
Unknown
Eric Rescorla Former IESG member
No Objection
No Objection
(2017-11-11 for -02-00)
Unknown
This seems fine to me. Some editorial nits below > Securing information and the systems that store, process, and transmit > that information is a challenging task for enterprises of all sizes, and many > security practitioners spend much of their time on manual processes. > Standardized protocols and models aiding collection and evaluation of endpoint > attributes enables automation, thus freeing practitioners to focus on high Nit: models .... enable > priority tasks. Due to the breadth of this work, the working group will address > enterprise use cases pertaining to the assessment of endpoint posture (using > the definitions of Endpoint and Posture from RFC 5209). In alignment with RFC > 5209, a network device is an endpoint. > > At its core, posture assessment consists of five basic steps, which the working > group desires to fulfill in an innovative, automated manner capable of avoiding You're rechartering, so maybe it's less innovative than it was last time :) > ad hoc or scheduled assessments: > > 1. Identify and characterize target endpoints > 2. Determine specific endpoint elements to assess > 3. Collect and make available specified elements' actual values > 4. Compare actual element values to policy compliant element values > 5. Make results available > > This working group will focus on collection, evaluation, and orchestration and > communication, as described herein. > > A. Collection. The WG will define a standardized way to provide two types of > imperative guidance to collectors over varying collection mechanisms: I'm not sure what "imperative guidance" means in this context.
Mirja Kühlewind Former IESG member
Abstain
Abstain
(2017-11-14 for -02-00)
Unknown
Given the charter has changed substantially and I am not familiar with the current state of work of the group, I'm afraid I can't provide any valuable input about the recharting and will therefore abstain.