GRC Report Exchange

Document Type Expired Internet-Draft (mile WG)
Last updated 2013-05-10 (latest revision 2012-11-06)
Replaces draft-moriarty-mile-grc-exchange
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Governance, risk, and compliance (GRC) programs provide oversight (governance) of risks and compliance initiatives within an organization. GRC reports are increasingly provided in an XML format. This specification defines a common method to securely transport GRC and other XML reports. The defined messaging capability provides policy options and markings in an XML schema, options for confidentiality at the document/report level, and security for the end-to-end communication. XML reports may be shared between service providers and clients, enterprises, or within enterprises. Reports may also be exchanged for official purposes such as business report filings, compliance report filings, and the handling of legal incidents (eWarrant, eDiscovery, etc.) This work is a generalized format derived from the secure exchange of incident information defined by RFC6545, Real-time Inter-network Defense (RID).


Kathleen Moriarty (
Said Tabet (
D. Waltermire (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)