Skip to main content

GRC Report Exchange

Document Type Expired Internet-Draft (mile WG)
Expired & archived
Authors Kathleen Moriarty , Said Tabet , David Waltermire
Last updated 2013-05-10 (Latest revision 2012-11-06)
Replaces draft-moriarty-mile-grc-exchange
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Governance, risk, and compliance (GRC) programs provide oversight (governance) of risks and compliance initiatives within an organization. GRC reports are increasingly provided in an XML format. This specification defines a common method to securely transport GRC and other XML reports. The defined messaging capability provides policy options and markings in an XML schema, options for confidentiality at the document/report level, and security for the end-to-end communication. XML reports may be shared between service providers and clients, enterprises, or within enterprises. Reports may also be exchanged for official purposes such as business report filings, compliance report filings, and the handling of legal incidents (eWarrant, eDiscovery, etc.) This work is a generalized format derived from the secure exchange of incident information defined by RFC6545, Real-time Inter-network Defense (RID).


Kathleen Moriarty
Said Tabet
David Waltermire

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)